Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Monday June 22 2015, @02:30AM   Printer-friendly
from the opposite-day dept.

http://arstechnica.com/security/2015/06/game-over-https-defects-in-dozens-of-android-apps-expose-user-passwords/

Many Android apps in the Google App store do not properly use HTTPS for logins, thus exposing user passwords.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by nyder on Monday June 22 2015, @04:48AM

    by nyder (4525) on Monday June 22 2015, @04:48AM (#199290)

    Honestly, I think this is Google fault. They should provide all the necessary security in their API's, have a secure password API already, so the Dick, Jane & Harry part time programmers don't put out insecure apps. While great programmers might not want to use that sort of stuff because they can do better or like to have control over how secure it is, most programmers are idiots and do not understand that stuff. So give them the tools so they can't make dumb ass mistakes like that.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Interesting=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by Geotti on Monday June 22 2015, @07:54AM

    by Geotti (1146) on Monday June 22 2015, @07:54AM (#199319) Journal

    While we're at it, let's punish all those people who provide copypaste solutions without a disclaimer that the provided solution has to be vetted by a Certified Software Security Officer to be considered safe to use. That'll show em!

  • (Score: 2) by gidds on Tuesday June 23 2015, @01:14PM

    by gidds (589) on Tuesday June 23 2015, @01:14PM (#199859)

    That makes a lot of sense.

    However, looking at it from the other side, if Google did provide an API, who'd trust it?

    --
    [sig redacted]