Comment Was there an attack surface? Well, there is NOW. (Score 1) 146
I find it difficult to understand why anyone with even a cursory understanding of the contemporary threat environment wouldn't instantly dismiss this idea from any further consideration the moment that it was articulated. All such payment systems divide into two categories: (1) those that have been exploited and (2) those that are going to be exploited.
My expectation is that while I'm writing this, and while you're reading it, scammers are already gearing up to find ways to trick people into enabling this; that they're figuring out how to code web sites that take advantage of it; and that they're registering domains, setting up hosting, etc., in order to exploit it the moment it goes live -- so that they can do as much damage as possible before it's picked up by tech/non-tech journalists and before word spreads that it's something to watch out for.
A lot of people are going to be hurt by this, and when that happens the developers responsible for this debacle will (a) refuse to accept responsibility and (b) refuse to financially compensate them. Whether or not the victims will close ranks and file class-action litigation is an open question, but I certainly hope they do: those responsible for this should lose EVERYTHING as a result of their utterly irresponsible conduct.
My expectation is that while I'm writing this, and while you're reading it, scammers are already gearing up to find ways to trick people into enabling this; that they're figuring out how to code web sites that take advantage of it; and that they're registering domains, setting up hosting, etc., in order to exploit it the moment it goes live -- so that they can do as much damage as possible before it's picked up by tech/non-tech journalists and before word spreads that it's something to watch out for.
A lot of people are going to be hurt by this, and when that happens the developers responsible for this debacle will (a) refuse to accept responsibility and (b) refuse to financially compensate them. Whether or not the victims will close ranks and file class-action litigation is an open question, but I certainly hope they do: those responsible for this should lose EVERYTHING as a result of their utterly irresponsible conduct.