by wereHamster
2875 days ago
> Maybe it worked because the user had taken the bug into account, maybe it worked because the user didn't notice - again, it doesn't matter. It worked for the user. That's also an argument for keeping security holes around. By definition those are bugs and users (albeit malicious ones) depend on them. How dare you fix a security hole and break a perfectly working exploit!

Now, there is a tradeoff between security and convenience. That is also why fraud techniques haven't taken away credit cards as a thing. To that end, sometimes it is better to engineer a detection/mitigation strategy instead of removing the convenience.
And life seems to be full of more strawmen than makes sense. So, yes, you can easily find examples for this in either direction.