A friend of mine works for WhatsApp. I tried bringing the original article to his attention, but it went down that day. I've linked him to both articles now.
I agree about the need to disclose such security issues to the authors privately. While I understand the sentiment of others, that it's such an inherent issue in their design that it'll take time to fix, that's not really a reason to not give them a chance. If it had been 1-2 months after disclosure, and it still wasn't fixed, then sure, grab your pitchforks. But the initial public disclosure was on Sept. 5. I don't know if there was any private disclosure, but 10 days is not a lot of time to fix these kinds of things.
Nevertheless, I've linked them to it, let's see what they do.