Fact is, these CSS and CSRF bugs are common as dirt on the Web, and now somebody has found them in RSS readers. If you’d bothered to read my article, you’d see that I do name specific products affected and urge people to write more secure software.

If it weren’t for what you dismiss as “fear-mongering,” nobody would know about these kinds of bugs at all, leaving consumers vulnerable and developers clueless.

Cross-site scripting bugs are not new, but the right answer is to fix the bugs in the RSS readers that the Black Hat session demonstrated, as well as to use caution: doing your online banking at the same time as reading obscure porn blogs might not be a good idea.

What amazes me are the Luddites who are terrified that the net is going to snatch all their money away, but who don’t hesitate to turn their actual, physical credit card over to a server or busser that they’ve never met.

Instead of your generalized fear-mongering, you could do more investigation and try to steer your readers away from particularly buggy and ill-maintained RSS readers, as well as to recommend practices for bloggers to avoid problems in this area.