Borrowing a page from Keith Olbermann's Countdown playbook, I nominate security researcher Michal Zalewski as today's worst person in the world (of info security) for releasing details of a zero-day exploit of Internet Explorer as what he calls an act of "civil disobedience". For some reason, Zalewski thinks it's OK to put millions of IE users at risk to make a public statement about his issues with how Microsoft works with the security community.
As we used to say in my neighborhood growing up, "What a yutz!"
eWEEK has details concerning the exploit and Zalewski's "unapologetic" posture regarding his unilateral decision to go public with the exploit without sharing his findings with Microsoft. If you want the technical details, read their coverage. What has me shaking my head in disbelief is the unmitigated arrogance and complete lack of concern for consequences his grandstanding displays. The eWEEK article quotes Zalewski as saying,
"I didn't give an advance notification to Microsoft, because I strongly oppose their handling of the vulnerability patching process. Although I can't make a difference, it's the tiny bit of civil disobedience I can afford whenever I can reasonably believe that no immediate harm would be done to third parties."
I surely hope his "reasonable belief" is correct. If he's wrong, millions of people will potentially pay the price for this bonehead stunt. I'm in no mood to debate the merits of his justifications for taking this approach. It's a bad decision.