Where is the distinction between a quality mitigation that isn’t 100% but makes it harder for attackers and a low-quality mitigation? DEP, ASLR, stack cookies, etc are regularly bypassed by exploits but we’re not turning them off because they’re not 100%https://twitter.com/taviso/status/1065005842817155072 …
-
-
That’s fair. If the best a mitigation can offer is to break existing exploits and only requires a trivial amount of work by an attacker to fix, I agree it’s a waste of time.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
