Lamers claim blame in fame? For shame.

The Seattle Post-Intelligencer's got a fun and only moderately overwrought feature today on the DNS cache-poisoning vuln, and since at least three or four readers in the greater Puget Sound area are not geeks (or so I hear), they chose to take the human-interest approach and focus on hometown hero Dan Kaminsky and the process by which the news of the vuln was gotten out to the folks that needed to know.

Ah, the Need To Know. Once you wade through the purple prose about superheroes and tangled snakes of Ethernet cables, the article does a fair job of detailing what it took Kaminsky to get those folks who Needed To Know -- DNS father Paul Vixie, for starters -- into a room without tipping anyone off to the problem. But I suppose it wouldn't be a security story without some whiner in the comments claiming that Kaminsky went about things the way he did for the lulz fame -- sulking because they weren't apparently important enough to be in the room.

We're finally getting this vulnerability sort-of-kind-of nailed down, but it's worth saying once more: Some situations do not gain from the efforts of the hivemind, and a cataclysmic hole in a core Net service is one of those situations. (And whining because you weren't included doesn't make that any less true.) I'm quite sure that the whiny types will see the P-I article as further proof that Kaminsky is IN UR INTERWEBS STEALIN YR 15 MINUTZ or whatever, but all I see is a mainstream media outlet trying to give the civilians a sense of the drama and concern the security community felt as the breadth of the cache-poisoning mess was revealed. And the P-I's feature -- purple prose and all -- tells me that Kaminsky is a hero not just because he spotted the vuln, but because he acted conservatively and with discretion in a tricky situation.