
I, for one, do not welcome the trend of information-free wankerism masquerading as security research. I would like proof-of-concept code, formatted in 80-column plain text, dropped on mailing lists. Not this unreadable javascript-laden junk that doesn't even tell me anything worth knowing.



Note how they drop the CVE number at the beginning of the article, even though it's not actually a published CVE yet. Is there any legitimate reason to do that other than to lend your news release a false air of authority to those who won't bother to go read the CVE?


Seriously. I call these "designer vulnerabilities".

They have little substance beyond a flashy name, logo and website giving the most generic of bullet points about their exploit.

Do a Google search and you'll find dozens of news articles harping about the designer vulnerability alongside the name of the company that discovered it. What could be a legitimate exploit dealt with through the channels we've always addressed them through becomes a marketing vehicle for info sec charlatans.



