Honestly I have to say this is the type of security article that annoys me the most.

- Snarky and talks down about people not "in the know" about potential security issues.
- Supreme confidence that they are super knowledgeable about how it "should" be done.
- Fails to provide any actual demonstrable impact, but doing the old "left to the reader" as to how it's clearly exploitable.

But when you drill into the details, they are just fundamentally wrong about how the product is even working, what is possible with the attack surface, and how components are interacting with each other.

There are plenty of vulnerabilities out there, and companies do make stupid mistakes with regards to security in lots of situations. That doesn't mean that every pie in the sky idea you have (oh look, I did a kiosk escape, dot dot dot, clearly I can credit card skim now) is possible.