
I agree they shouldn't have written it in such a "now let me embarrass you and show how right I am" way (and they also should have shown a lot more awareness of how embarrassing this was and also of how, while infosec is super important, there are other priorities that need to be protected in how this is disclosed, too -- especially if they are hoping for constructive engagement with the orgs involved which, like it or not, is what practical security requires, if your point in disclosing is to make a meaningful positive difference, which is really important given the scale/scope of this vulnerability), but I don't think it worked out badly for these two, judging from their Twitter feeds. I don't know them, but:

Two guys from (or based in) the Midwest:

Ian did his first DEFCON talk a couple weeks ago (https://x.com/iangcarroll), and Sam (the other author) was the guy that a couple years back Google accidentally sent 200K USD to, and has 81K X followers, and was recently singing the praises of that much lauded recent PHRACK article on "Hacking means understanding the world" (that was also popular round here): https://x.com/samwcyo/status/1823571295189008601

They both seem like legit security researchers from their X feeds.

I guess that petulance-tinged adolescent attitude is like the secret handshake of the security researcher world, which sounds too disparaging -- but it's not meant to be...only that probably that's what you need to expect from folks who "understand the world", where they're smarter, what's broken, and should be fixed.

I get how that attitude rubs people the wrong way and causes more harm than good - but I don't mind it much myself - I guess I just set high expectations for the kind of impact such folks could have, and I think they could have more impact if they adopted a more professional, collegiate attitude in their way of working.

But I guess that comes with the territory. Because it's really only the "outsiders" who will sit around poking at things to figure out how they work, and how to fix em, make em better. Those who feel themselves to be "rejects" from the normal world, in a sense, are always gonna carry a bit of the tinge of that perspective with them. But, whaddayagonnado? Those are really only gonna be the ones who "understand the world", so you have to rely on them. Odd couples, that pairing. Between industry and these hackers.


