Yahoo screws up flaw disclosure, helps exploit writer
http://blogs.zdnet.com/security/?p=274