I learned on Slashdot this morning that there is a new exploitable bug with USB. I’ve always wanted to be able to just plug in a usb key and have it run autohack.bat. ;)

But, SPI come on…what kind of responsible disclosure is this?! A quote on eWeek from your CTO?! Not to mention openly admitting that you haven’t informed Microsoft of the issue yet (even though it is a hardware issue) and then proceeding to promote your talk at Black Hat next week! Come on, SPI…I thought you were better than that. Or is this just some sort of security bug premature disclosure because you got so excited about finding a bug, you just couldn’t control yourself?