Recently, Gawker.com got seriously hacked by some group calling themselves Gnosis. I saw no small number of media sources implying they deserved it for covering the AT&T information disclosure by Goatse Security. I feel there's a gigantic difference between these two events that needs to be discussed.
Gawker is a media source with a gigantic amount of integrity. Once upon a time, there was a Valleywag story (this was back when Valleywag was a separate website) that wasn't posted on the Gawker main page. When it was found that incorrect information was contained within a story, they printed the correction on Gawker.com, and it was longer and more prevalently featured than the original story: http://valleywag.gawker.com/tech/breakdowns/drunk-editor-kills-the-gossip-item-you-care-about-282558.php
This event really stuck with me. Afterwards, I considered Gawker one of the media sources with utmost integrity. When the NYT makes a mistake on the front page, the correction is in tiny print on page C30. Gawker held itself accountable to a level which few sources do, and I have to respect that. When they do wrong, they apologize.
What Goatse Security did was thought out to multiple degrees:
* The data we gathered was not disclosed publicly (only to Ryan Tate); we wanted to LIMIT the public's exposure to risk, not add to it. I believe we were successful at pursuing that goal.
* When a reporter (I forget whom) asked me if AT&T customers should replace their SIM cards, I answered negatively, as I did not feel that AT&T needed to have a bunch of paranoid customers demanding a new SIM. I felt, however, it was appropriate for some iPad owners (military, government and corporate leadership) to be able to be made aware of the issue that their iPad could be geolocated or have traffic intercepted. I thought that it was fair that the public know that if they did not check their email associated with the iPad ICC-ID, they could not be coaxed into clicking a malicious PDF link that could have allowed an attacker to take over their iPad. Issues like this are important for people to be able to mitigate.
* I don't know. I said some inappropriate things about AT&T and the iPad, but that was only after AT&T called us malicious (which I did not feel was fair to us). I was defensive and ran my mouth a little too freely in response. I regret that. The comments these kids made in their readme file were straightforwardly mean from the very beginning.
Were some comments at Gawker ill-advised and perhaps invited attack? Yes. I have made a lot of ill-advised statements myself in the past, and cannot possibly throw a stone at them for that. The fact remains, Gawker is a cool bunch of people and one of the few journalist outlets which truly make a good effort to be fair and still get the bleeding edge of stories. They are a valuable resource to society, and I give them props for that.
The public disclosure of Gawker user emails and passwords is wrong. I feel really bad for them. The people who did this crossed a line into maliciousness that makes me sad. It is terrible, and I feel that they should come forward and apologize.