I found this very upsetting.
-
I found this very upsetting. The security guys deciding a priori that it's hard to do so we don't need to concern ourselves. That hasn't worked out well in the past. You think they'd learn.
-
I found this very upsetting. The security guys deciding a priori that it's hard to do so we don't need to concern ourselves. That hasn't worked out well in the past. You think they'd learn.
@robpike this is baffling. With a stolen phone this appears to be trivially exploitable. The idea that "it's not being exploited so we don't need to fix it", is crazy. It's not being exploited because no one has bothered commoditising the exploit *yet*.
-
@robpike this is baffling. With a stolen phone this appears to be trivially exploitable. The idea that "it's not being exploited so we don't need to fix it", is crazy. It's not being exploited because no one has bothered commoditising the exploit *yet*.
@tmcfarlane @robpike on top of that a limit check for transit transactions seems pretty trivial to add.
