Hacker News | mattaustin's comments

I think most of the "outrage" is with the complete lack of validation and the "This is a known workflow within our platform" response more than the ban. Any plans to address the issue other than reactive bans?


I think it's absolutely appropriate to sit down and talk about ways that we can prevent this, both in the short term and long term. I don't think it's as simple of a problem as some might suggest, because you've got to balance expected behavior, a reasonable expectation of convenience, and added security measures.

I don't think you can make a proper decision where you're only looking out for protection, or only looking out for convenience, or only looking out for expected behavior. I think you have to mesh all of these items together and make a change that addresses each item, and I don't think that's necessarily a one day discussion. Certainly security does come at a cost of convenience, and that is okay, but it is important not to toss convenience aside as something not worthy of consideration.

So yeah, not trying to be vague, my position is not with engineering or security but with the support team. I do think we need to talk about this, and conversations are taking place, but I don't honestly have the ability to say "Yes we're going to implement _____ within ____ days" or something like that. At least not today.


This is the bug from Google about a year ago saying it is by design. https://code.google.com/p/chromium/issues/detail?id=333752

