The publication of rogue code which can format users' hard disks if they so much as visit a Web page with Internet Explorer (or read an e-mail message with Outlook or Outlook Express) has revived a furious debate among security experts regarding the ethics of disclosing exploit code.
For this reason, many computer security professionals have argued that it is unethical to publish code that makes it easy to exploit a security hole -- especially before the vendor of the buggy software has had a bit of warning and a chance to patch the code. Others, however, argue that vendors do not admit security problems, or patch them in a timely way, unless there is full disclosure. (The Bugtraq list, which embraces the latter point of view, publishes exploits as soon as they are available.) Wired News covers the ethics debate in this article.
But in the meantime, now that the cat's out of the bag, it's best to use an alternative browser (e.g. Opera or Mozilla) or disable scripting in IE.