Halvar Flake sent a mail with two hash values to the Daily Dave mailing list. Just the hash values, and nothing else. This is called a notarized advisory. Halvar found a vulnerability or something which he would like to keep a secret. He wrote a paper on it, calculated the hash of the paper and publicized the hash. When he's ready to let the secret out, say months from now, he can prove that he wrote that paper in Feb 2007 as he had circulated its hash in Feb. This is the next step in responsible vulnerability disclosure. Don't publish the exploit, just publish its hash. Share the vuln details only with the vendor. When the vendor releases the patch, he will credit you with the discovery. Months after that when it's safer, you can release the exploit if you want to. Because you had published the hash 9 months earlier, folks accept that you knew how to exploit it then. Below is the mail Halvar sent the list.
From: Halvar Flake (HalVar@gmx.de) Date: Mon Feb 05 2007 - 07:11:30 CST Hey all, for lack of a better place, I would like to post the following hash values: MD5Sum: 5e5ed3b92b2abbcc1adaa18cc0ca6aaf SHA1sum: FFECBE21E3EC93A5AC2B94889AD2967881398A9C Cheers, Halvar