Disagree, mitigations are attack surface too, they add complexity and technical debt, so their value must be carefully considered. It's trivial to force attackers to incur one time costs, but it's not free for defenders. The benefit here is pretty negligible.
Right, here are the contrivances: Attacker only has one possible objective, and can't simply pivot to something else. Attacker only has one opportunity, can't just do it again. People don't reboot their phones (I reboot mine once a month for patches).
-
-
I understand that you think that this example is contrived; I'm saying it's not contrived for certain targets (diplomats, etc.) and certain attackers (APTs, etc.). Glad we can respectfully disagree with each other though. Thanks for sharing your thoughts on the matter.
-
Right, so because this happens to "many" people, do you have a citation? An APT that only has proximal exploits, is only interested in data that doesn't exist yet, and won't exist for at least a month, and a good reason why they cannot simply pivot to something else.
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.