Since I wrote that text, I think I can comment on it...
> I hope these beliefs that the cracking community is somehow technically
> inept and incapable of keeping up with the literature and overcoming
> simple obstacles is not widespread.
I am not operating under the illusion that the people who write the
exploits for these things are stupid. That text was based on the fact that
we've had absolutely no reports of anybody actually exploiting that
vulnerability. Not one.
I'm not dumb enough to try to say that it's never been exploited. It may
have been, and it may not have been. However, if a lot of people knew how
to do it, I'd expect it to happen often enough that somebody would
eventually notice it and report it.
There are relatively few crackers who actually write their own code, and
there are lots of security holes. The "literature" to which you refer is
very large. I don't have to think they're incompetent to think that they
probably haven't discovered this hole yet. I just think they're busy with
other things.
-- John B.