The sad consequences of full disclosure
I checked with Sid why he hasn’t been answering my emails and learned that his ISP beThere disconnected him after he warned them about a trivial-to-exploit backdoor on all their customers’ routers.
The disturbing thing about this incident is that beThere were very quick to contact us asking that we take down (or modify) the article, and apparently they were fairly quick in disconnecting Sid, but when it comes to their customers’ security they are not as diligent – the problem is obviously still there.
I thought Sid was too nice when he removed the exploit details from his post (the ‘bad’ guys can get those themselves anyway) and I think I was very correct there. On the other hand I gave beThere a compliment about how fast they reacted to this incident and I was very wrong there – it seems their concerned was solely about the bad PR.
Let me change my previous comment to this: If I were a beThere customer I’d be concerned about the fact there’s a gaping backdoor on my router and all my ISP is doing is to threaten and disconnect a CS student for making this fact public.