Until not long ago, being a hacker required deep skill in arcane arts such as Assembler and machine code and links to near-mythical chat boards where initiation ceremonies make the Freemasons look tame. Now all you have to do is read Techmeme, and you’re done, it seems. Here’s an article by Larry Dignan where he discusses all the scares on internet security, which kind of matches what I was thinking:
Thus far this summer, the Internet has not cracked, even though Dan Kaminsky basically revealed all the details of a flaw in the Domain Name System that could have led to a train wreck on the Internet. Thankfully, he cautiously provided the details, so patches could be put in place to prevent identities of users of banking and other sites on the Web to be hijacked, first.
Now, two security researchers have demonstrated how huge amounts of unencrypted Internet traffic can be siphoned off through the Border Gateway Protocol. One computer expert said in this Wired article that he “went around screaming my head about this about ten or twelve years ago” to intelligence agencies and to the National Security Council to no effect.
That’s the point. So far, the black hats haven’t shown they are smart enough to exploit hijack IDs through the DNS flaw or Internet traffic through the BGP eavesdropping.
Meanwhile, though, there seem to be plenty of dumb guys in white hats, making life miserable for thousands or millions of computer and Web users.
The Kaminsky affair sent us running around our own DNS (see Dave’s thoughts here), and I also felt that in this sort of situation, a bit of dignified silence in public forums wouldn’t hurt. The serious question remaining though is, how should one disseminate data of this sort?
I can’t believe there are not people at all the major telcos, ISPs, standards bodies and manufacturers who could be tipped off first. What are your thoughts on this?


















