undefined | Better HN

0 pointsthomastjeffery8y ago0 comments

Obviously this isn't the best way to disclose a security flaw.

That does not make it malicious.

Sure, there are more malicious people aware of this security flaw, but there are also more users aware of this security flaw, and the simple steps they can take to mitigate it.

0 comments

sdmadf28348y ago

Yep, just saying that if he's not malicious (intending to maximize harm to users), then he's an idiot for disclosing it this way.

thomastjefferyOP8y ago

Or just didn't know what the best practice was.

Since this is a flaw any user can run into, I wouldn't get so mad about someone who doesn't know best practice running into it.

I am much more concerned that such an obvious tractable flaw exists in the first place.

j / k navigate · click thread line to collapse