Could Say It, But...: Difference between revisions

Line 1:
{{trope}}
{{quote|''"I'd'' '''''like''''' ''to help you, but I can't. I'd'' '''''like''''' ''to tell you to take a copy of your policy to Norma Wilcox on [Hands his client notepad and pen] - Norma Wilcox, W-I-L-C-O-X - on the 3rd floor, but I can't. I also do'' '''''not''''' ''advise you to fill out and file a WS-2574 form with our legal department on the 2nd floor. I would not expect someone to get back to you quickly to resolve the matter. I'd like to help, but there's nothing I can do."''
|'''Bob Parr''', ''[[The Incredibles]]''}}
 
Bob wants to say something, but for whatever reason can't. Maybe he'd risk his job if he spoke up, or maybe he just doesn't want to look crazy or malicious. Anyway, Bob gets around this by mentioning it but pretending he isn't, as in, "Well I could tell you that the shutoff switch to the doomsday machine is down the hall, first right, second left, behind the water cooler, but I won't do that because I'd lose my job." In other words, he '''Could Say It, But...''' he won't. Except he just did.
 
Sometimes used as an insult, especially in politics. For example, "I refuse to stoop to the level of calling my opponent a corrupt, greedy [[Slime Ball]]."
Line 253:
** Even security experts occasionally don't see this trap. E.g. an antivirus runs suspicious files in an emulator, and its coders [//web.archive.org/web/1/bugs.chromium.org/p/project-zero/issues/detail?id=769#c2 presumed that non-state-changing requests can be safely passed to the OS as is] (it's faster). [[What Could Possibly Go Wrong?]] The OS is Windows, and the APIs to which they pass humble read-only requests include both ''reading'' keyboard state and ''reading'' attributes of files that aren't necessarily local, but may be a URL somewhere on the Internet. The result: malware only needs to change directory (which checks its attributes) to "<nowiki>http://www.WeHostHomePages.com/~Im_11_yrs_old_and_what_is_this/more-cat-pictures(</nowiki>''your_key_presses_go_here''<nowiki>)/</nowiki>", the remote server only needs to log the request for a non-existent location as an error... and that's how a hacker got, in an easily filtered text file, all the passwords you typed while the file you had downloaded but never started ran again and again.
** Another exfiltration trick falling under this uses the fact that error messages are a debugging mechanism, thus designed for the developer's convenience and not always subjected to very strict security measures. After all, it would just report a ''failure to'' serve any useful data and echo the request that caused it (which the same user has sent in the first place), right? But in combination with certain other generic and excessively user-friendly functionality it may say too much. The target machine receives a request as XML which amounts to an overcomplicated form of something like "give me <nowiki>./public/herp-derp#(contents of /etc/passwd)</nowiki>", and answers with "Error! We cannot give you <nowiki>./public/herp-derp#[actual contents of /etc/passwd]</nowiki> (No such file or directory)" (see [//christian-schneider.net/GenericXxeDetection.html here and in references]).
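How a server can decline to "say it" in the error-message case above, as an added illustration that is not part of the original page or of any project it mentions: the request is refused as soon as it carries a DOCTYPE (the place where entities get declared), and every error body holds only an opaque reference while the detail goes to the server log. The names <code>PUBLIC_ROOT</code>, <code>extract_path</code> and <code>handle</code> and the sample request are hypothetical.

```python
import logging
import uuid
from pathlib import Path
from xml.parsers import expat

log = logging.getLogger("xml_endpoint")
PUBLIC_ROOT = Path("./public").resolve()  # assumed document root (hypothetical)

# Constructed sample: declares a harmless internal entity, only to exercise the DOCTYPE check.
SAMPLE_WITH_DOCTYPE = b'<!DOCTYPE r [<!ENTITY x "probe">]><r><path>herp-derp#&x;</path></r>'


class DtdForbidden(Exception):
    """The request carried a DOCTYPE, the only place entities can be declared."""


def extract_path(xml_bytes: bytes) -> str:
    """Return the text of <path>; refuse any DOCTYPE before entities get defined."""
    chunks, inside = [], [False]

    def refuse_doctype(*_args):
        raise DtdForbidden("DOCTYPE not allowed")

    def on_chars(data):
        if inside[0]:
            chunks.append(data)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.StartElementHandler = lambda name, _attrs: inside.__setitem__(0, name == "path")
    parser.EndElementHandler = lambda _name: inside.__setitem__(0, False)
    parser.CharacterDataHandler = on_chars
    parser.Parse(xml_bytes, True)
    return "".join(chunks).strip()


def handle(xml_bytes: bytes) -> tuple[int, str]:
    """Serve a file under PUBLIC_ROOT; error bodies carry an opaque ref, never request data."""
    ref = uuid.uuid4().hex[:12]
    try:
        wanted = extract_path(xml_bytes)
        target = (PUBLIC_ROOT / wanted).resolve()
        if not target.is_relative_to(PUBLIC_ROOT) or not target.is_file():
            raise FileNotFoundError(wanted)
        return 200, target.read_text()
    except (DtdForbidden, expat.ExpatError) as exc:
        status, detail = 400, repr(exc)
    except (OSError, ValueError) as exc:
        status, detail = 404, repr(exc)
    log.warning("ref=%s status=%d detail=%s", ref, status, detail)  # detail stays server-side
    return status, f"Request failed (ref {ref})"
```
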
----
 
{{examples|...but I'd get in trouble if I did.}}
 
{{reflist}}
[[Category:{{PAGENAME}}]]
 
[[Category:Comedy Tropes]]
[[Category:Truth in Television]]
[[Category:Older Than Feudalism]]
[[Category:Self-Demonstrating Article]]