Hacker News new | past | comments | ask | show | jobs | submit login

Just because a skilled attacker can trivially find the information, doesn't mean that the 15 year old kid living next door to you can find it. Now they can.

The problem doesn't stem from giving information to "l33t hax0rz" but rather providing the key information that can be abused by anyone with a computer and half a brain. They are the ones more likely to make use of it in a widespread and destructive manner.

But with that said, most developers don't care if you tell them this stuff directly since it's simply information and not a proof of concept. Until someone starts using it and shows them that its actually a problem that is affecting their product they usually write it off as paranoia.




The whole point is that you didn't have to be a skilled attacker to figure out anything mentioned in the post. If the author had discovered an obscure security hole that allowed him to access sensitive information, then yes he's only going to make the problem worse by distributing that information online.

But it does not take a skilled attacker to "hack" a system where messages are being sent in plain text.


My point is that most of the threats exposed don't take elite hacker, or even "l33t hax0rz", skills to discover. A hugely greater percentage of people are going to hear about this and say, "oh, I should switch to something else" or "oh, I shouldn't say sensitive things" than are going to fail to hear about this and be snooped on by someone who did and wouldn't have figured it out anyway.


Yeah I mostly agree with you, except that I highly doubt that most people who use WhatsApp will actually hear about it having a security issue, let alone care about it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: