It absolves certain victims from failing to take the necessary precautions required to reasonably reduce their likelihood of suffering the crime in the first place.
If your car gets nicked because you left it running while you popped into a Bradford corner shop, then you absolutely need to shoulder some of the blame.
If your PC gets compromised to the point that somebody has opened a back door and assumed Administrator rights, it's probably because you clicked on something you shouldn't have. Again, insufficient precaution.
(, Sat 9 May 2026, 21:04, Reply)
Unless you're one of those idealistic fuckwits who dreams of a world with absolutely no crime at all and we can leave our doors unlocked while we go on holiday without the fear of being burgled, in which case there wouldn't be any victims of crime in the first place.
(, Sun 10 May 2026, 4:54, Reply)
then it's ok because if something happens someone else is to blame
I think I understand, but it's not the most coherent position
(, Sun 10 May 2026, 10:34, Reply)
Just take the loss and move on.
(, Sun 10 May 2026, 13:02, Reply)
I forget that I'm talking to someone whose opinions far exceed his knowlege
"From a defensive perspective, storing passwords in clear-text memory violates the principles of least privilege, zero trust, and secure application design," Morey Haber, chief security advisor at security provider BeyondTrust, told ZDNET. "It is simply just a bad idea. If a password can be read in memory by a human or malicious process, it is no longer a protected secret. It is already compromised in principle through clear-text storage in an already insecure medium.Hopefully, Microsoft will see this as a security flaw and adopt the same method used in Chrome and other browsers to decrypt passwords only when needed. Until then, I'd advise against using Edge as your password manager."
Haber says that process memory is viewed by modern operating systems as a protected, albeit shared, resource. “Debuggers, crash dumps, memory scrapers, malware, privileged insiders, endpoint agents, and even legitimate administration tools can all interact with memory under the right conditions,” he explains. “If a password exists in clear text within memory, the credential is no longer protected by encryption or hashing. It is simply waiting to be used by something and potentially anything.”
According to Haber, malicious actors understand very well the risk of a stored plaintext password — and sometimes, they understand it better than organizations themselves.
“Some of the most effective post exploitation techniques in cybersecurity rely entirely on memory extraction from credential dumping tools through process crash dumps,” he states. "Once extracted, that password can enable privilege escalation, lateral movement, persistence, and unauthorized remote access across the environment."
Or
"The fact that cleartext passwords exist in memory is one thing - the core issue is that other processes can read this memory without restriction," Craig Lurey, CTO and co-founder of Keeper Security, told ISMG. "Windows does not prevent a non-elevated program from reading the memory of another program running under the same user context. The consequence is that sensitive data kept in memory by applications can be targeted by local malware."
The risk is particularly acute in enterprise environments using shared infrastructure such as Citrix servers, virtual desktop infrastructure and remote desktop systems, where multiple users may operate on the same machine. An attacker with administrative access on a terminal server can read the memory of every user process running on the machine, including sessions that are disconnected. But Chrome handles passwords very differently. It only decrypts a password at the moment it is actually needed, such as during autofill. Chrome also uses a feature called Application-Bound Encryption, which ties the decryption keys to an authenticated Chrome process, making it significantly harder for attackers to pull passwords out of memory.
(, Sun 10 May 2026, 14:23, Reply)