BitDreams & Injust: So by your definition, I have found a security bug _in hotmail_ by going to Google, searching for a hacked database dump of some random other site (i.e. not hotmail), finding a random user with a @hotmail email and trying to log in to his mail by reusing his password from the other hacked site. If this works (which it does with enough tries), then it would be hotmail.com's fault? This is what you're saying right now.
I suggest you read this:
https://bitcointalksearch.org/topic/m.1695310
Basically, the founder's "flaw" (which has been known for ages) is about finding people who leak their private keys (just like leaking your mail+pass). Not protecting against this is not - and never will be - a security flaw. It is, as I've said before, best practice to do whatever you can to stop user errors, but in the end it's the user's fault. To quote Albert Einstein:
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
I have no idea how to say this.
Last week, if you googled site:instawallet.org
You would be greeted with at least 3000 wallets, many of them with bitcoins which you can click on that link and transfer those coins out.
If you googled site:hotmail.com
I would not be greeted with your inbox and read all your e-mails.
This is not anywhere near the same issue; what they had was a SECURITY FLAW.
Partially it was Google's fault: they (Google) lie to people, saying that a robots.txt ban means Google doesn't index your site.
In reality it means they would not SPIDER the urls, it doesn't mean they won't list them.
Big difference, the hedge against that instawallet failed to address, hence why it became a security flaw.
But let's put all this aside. Want to know the difference between a "flaw" and a "security flaw"?
Nicolai, would you put all your bitcoins on Instawallet? Your answer should let you know the difference between a flaw and a security flaw.
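The difference the post above draws between a robots.txt ban (no crawling) and not being listed can be checked mechanically. This is an added example, not code from the thread or from Instawallet; the `/w/` path, the token and the function name are hypothetical, and the sample policies are constructed.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: the site bans crawling of its secret-bearing URLs.
ROBOTS_BLOCKING = "User-agent: *\nDisallow: /w/\n"
# Constructed alternative: crawling allowed, so response headers are seen.
ROBOTS_OPEN = "User-agent: *\nAllow: /\n"


def listing_exposure(robots_txt, path, headers, agent="Googlebot"):
    """Classify how a URL can surface in search results.

    Returns one of:
      "url-can-be-listed" - crawl blocked; the bare URL can still be listed
                            if it is linked from somewhere else
      "not-indexed"       - crawlable and the response carries noindex
      "fully-indexable"   - crawlable with no noindex directive
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    crawl_allowed = parser.can_fetch(agent, path)

    # Header names are case-insensitive; directives are comma-separated.
    lowered = {k.lower(): v for k, v in headers.items()}
    directives = {d.strip().lower() for d in lowered.get("x-robots-tag", "").split(",")}
    noindex = bool(directives & {"noindex", "none"})

    if not crawl_allowed:
        # The crawler never fetches the page, so it never sees a noindex
        # header either: the robots.txt ban hides the one directive that
        # would have kept the URL out of the listing.
        return "url-can-be-listed"
    return "not-indexed" if noindex else "fully-indexable"


if __name__ == "__main__":
    secret_url = "/w/CONSTRUCTED-EXAMPLE-TOKEN"  # placeholder, not a real wallet
    for name, robots, hdrs in [
        ("robots.txt ban only", ROBOTS_BLOCKING, {}),
        ("ban + noindex header", ROBOTS_BLOCKING, {"X-Robots-Tag": "noindex"}),
        ("crawlable + noindex", ROBOTS_OPEN, {"X-Robots-Tag": "noindex"}),
    ]:
        print(f"{name:22} -> {listing_exposure(robots, secret_url, hdrs)}")
```

Keeping a URL out of the listing is only a hedge: a URL that grants access by itself stays a bearer secret wherever it is copied, logged or linked.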