Tuesday, August 24, 2021

A beneficial bug

from here

The only question I have about this vulnerability in pen-testing software that happens to be popular with the bad guys is: why are the developers fixing it?

It doesn't really seem like it would pose much of a problem for legitimate pen-testing, but it would definitely pose a problem for more criminal use-cases. Let the crooks suffer, I say. Make using that tool unpalatable to them so that they're forced to make their own tools instead of misusing the tools of the good guys. Make their lives harder by whatever means necessary.