Organisms like viruses, bacteria and fungi don’t care about country borders. The US withdrawing from the WHO sadly just means that the world will be less capable in responding to emerging threats overall.

Edit: Still a good joke though ;)

Ah cmon now, stop spreading conspiracy theories. They probably just couldn’t prove citizenship and were deported.

my body weight in bees. Which now that I’ve said it out loud, is sort of terrifying

Not sure I understand correctly, did you imagine your body made out of bees? If so and if you like reading sci-fi you might enjoy Adrian Tchaikovsky’s Dogs of War.

I appreciate your reply and understand your perspective. I still don’t fully agree, it might be a matter of the point of view from which you look at this issue. But I think in essence we are on the same page.

Thanks for not abandoning the discussion!

The fact that this works just shows that most Americans humans are idiots

FTFY. If you believe that people in your country would be different when put in the same situation then I’m sorry but you are one of the idiots.

I’m genuinely curious what you would call this and what distinguishes it from a vulnerability.

Leaving aside responsibility, the system could have been set up in a way that wouldn’t have exposed user data but wasn’t. This is now fixed and user data isn’t exposed via this method any longer. What is the right word for what it was at the moment this flaw was discovered?

I’d argue that it is still a vulnerability in this scenario. But point taken, it’s always important to find the root cause and not just put blame on the person who stumbled into the trap.

It sounds like she’s very upset that Dansup made it explicit that he was fixing this issue, thinking that even exposing it in commit comments (which as we know get way more readership than blog posts) would mean people knew about it, and the less people that knew about it, the safer her partner’s information would be since she is continuing to do this apparently. You will not be surprised to discover that I think that type of thinking is also a mistake.

I agreed with you at first because from your description it sounded like she was saying security through obscurity was a good thing. But that’s not the case.

What she’s saying in the blog post is that this a 0-day and should be handled according to the best practices for 0-day disclosure.

You have to decide if you want to

• publish the findings before the fix -> more people will know and exploit the vulnerability but users might be aware and may or may not be able to mitigate sharing even more
• publish the findings after the fix -> the opposite

I don’t pretend to know enough to judge which option is the best. But I can’t fault the blog author for pointing out that Dansup didn’t follow best practices.

Not sure why this comment got downvoted. I think you took my banter well, so props from me at least.

Just pour it out and enjoy my comment without it :)

I guess it depends on if you want the yoghurt to taste like it was intended or if you rather have the taste you get when you subtract whatever portion of the yoghurt you poured out 🤷