This is a Good Thing?
I thought MS had abandoned security through obscurity - I guess not.
I guess you'll be going after the whole publishing industry now - all those nasty 'how to hack' books - how evil
<sarcasm>Yes. We should definitely punish someone for disseminating this type of information. That way we can make sure that the only people who have access to it are the criminals. </sarcasm>
What's wrong with this mentality?
(a) Freedom of speech and information alone would dictate that gagging someone for telling how to do something is in itself a crime. It is, or should be, a basic human right to have knowledge.
(2) If only the select few criminals who know how to exploit that code are aware of it, there's less impetus to fix it. Ergo, exposing security holes in such a manner does have the benefit, intentional or otherwise, of raising alarms, informing the masses, and encouraging the corporation responsible to repair the security hole.
(D) Fewer people trained to test for the specific types of vulnerabilities in question, combined with a fear of being prosecuted for HAVING knowledge, can only lead to a society of carefully crafted ignorance, wherein only those who wear the Black Hat have the know-how to perform security exploits, and those *trying* to wear the White Hat are not only playing catch-up (which is generally the case anyway), but are now being forcibly restrained in what they can and cannot know. It's like being the last one out of the gate, AND being hobbled.
I suppose that's the way Microsoft likes it - ignorant masses foolishly believing they're secure because the MS advertising machine says it's so - there's nobody to tell them the difference.
Incidentally, enumerating this post (a), (2), and (D) was an existential statement about the reality we're all (not?) living in.
It will be interesting how you see it. When I blogged on Suspended Jail for Hacking Tutorial in France