Suppose Mallory has identified 100 websites that are vulnerable to high valued Cross Site Forgery attacks. (The administrators of these websites failed to use any of the trivial ways to prevent this. Some users, though they can’t fix the servers, still want to protect themselves.) Is Mallory going to make a site that attempts to entice a user to click a button that apparently won’t do anything, but will actually attempt an attack that will work if the user happens to have an account and be currently logged in to the one targeted site? Or is he going to create a site that has some interesting content that may even entice the user to come back later, that will silently run a script that attempts an attack on every vulnerable site Mallory knows, every time the user visits, without the user having to press any buttons?
You can also read browser history with CSS, without Javascript.
Good to know, though it would have been nice to actually provide a description or a link instead of making me search for it. Though, finding a weakness in my armor does not convince me to abandon my armor which still protects me against many threats. I will consider strengthening my armor. (Unfortunately, it appears the linked extension only supports Firefox 2, but I will see what else I can find.)
I agree with Vladimir Nesov—this is not relevant, and you seem to be using a soldier-argument.
Neither you nor Vladimir have even attempted to identify a single detail about Soldier-Arguments that describes my arguments. I really don’t care about your unsupported opinions that an argument that you happen to disagree with has committed some fallacy.
The weak arguments shouldn’t be used to defend a position. These arguments may lower the other side’s confidence, but they won’t sway the conclusion, and so asking to reconsider the conclusion by giving such arguments is fallacious. It’s also pretty much useless and maybe even misleading, as getting a better idea of the real state of things requires a much more systematic study than a few hand-picked arguments, which are likely to suffer from selection bias anyway.
You don’t defend the statement that a country is economically prosperous by mentioning one successful company.
The weak arguments shouldn’t be used to defend a position.
The argument is not weak. If you think it is, explain why it is weak, why it won’t sway the conclusion.
You don’t defend the statement that a country is economically prosperous by mentioning one successful company.
This is not a good analogy. Malicious hackers will systematically exploit the most dangerous vulnerabilities in a way that the people of a country can not systematically do business with the most successful company.
Keep in mind, I was refuting the assertion that using NoScript is stupid. As thomblake has already explained, any good reason one might have for using NoScript is evidence for my position.
Suppose Mallory has identified 100 websites that are vulnerable to high valued Cross Site Forgery attacks. (The administrators of these websites failed to use any of the trivial ways to prevent this. Some users, though they can’t fix the servers, still want to protect themselves.) Is Mallory going to make a site that attempts to entice a user to click a button that apparently won’t do anything, but will actually attempt an attack that will work if the user happens to have an account and be currently logged in to the one targeted site? Or is he going to create a site that has some interesting content that may even entice the user to come back later, that will silently run a script that attempts an attack on every vulnerable site Mallory knows, every time the user visits, without the user having to press any buttons?
Good to know, though it would have been nice to actually provide a description or a link instead of making me search for it. Though, finding a weakness in my armor does not convince me to abandon my armor which still protects me against many threats. I will consider strengthening my armor. (Unfortunately, it appears the linked extension only supports Firefox 2, but I will see what else I can find.)
Neither you nor Vladimir have even attempted to identify a single detail about Soldier-Arguments that describes my arguments. I really don’t care about your unsupported opinions that an argument that you happen to disagree with has committed some fallacy.
Why, I agree with the argument. It just isn’t a killer argument that determines the overall decision, and that is the problem with giving it.
Are you serious? We should only ever present arguments that are powerful enough to convince everyone and conclude the discussion?
The weak arguments shouldn’t be used to defend a position. These arguments may lower the other side’s confidence, but they won’t sway the conclusion, and so asking to reconsider the conclusion by giving such arguments is fallacious. It’s also pretty much useless and maybe even misleading, as getting a better idea of the real state of things requires a much more systematic study than a few hand-picked arguments, which are likely to suffer from selection bias anyway.
You don’t defend the statement that a country is economically prosperous by mentioning one successful company.
Think of this in the scientific evidence vs. rational evidence setting. The protocol is there to ensure more reliable performance.
The argument is not weak. If you think it is, explain why it is weak, why it won’t sway the conclusion.
This is not a good analogy. Malicious hackers will systematically exploit the most dangerous vulnerabilities in a way that the people of a country can not systematically do business with the most successful company.
Keep in mind, I was refuting the assertion that using NoScript is stupid. As thomblake has already explained, any good reason one might have for using NoScript is evidence for my position.