I think a better question is, once a vulnerability has become widespread public knowledge, do you expect malicious actors, malware authors and intelligence agencies of autocratic nation-states to obey a gentlemen's agreement not to exploit something?
false analogy, or maybe just a subject switch. the 'attacker' was not a nation state nor intentionally malicious. it was a naïve researcher meaning no harm. in fact, i have co-authored with ítalo, and he is a very well meaning, and usually cautious, researcher. he just fell in with a crew with a rep for ops cluelessness that needed to demonstrate it once again.

to nick's point. as nick knows, i am a naggumite; one of my few disagreements with dr postel. but there is a difference between writing protocol specs/code, and with sending packets on the global internet. rigor in the former, prudence in the latter.

while it is tragically true that someone will be willing to load mrs schächter on the cattle car, it damned well ain't gonna be me.

randy