SoylentNews is people
SoylentNews
An engadget story has the following to say about KeePass2 and developer Dominik Reichl:
Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
This discussion has been archived.
No new comments can be posted.
Password App Developer Overlooks Security Hole to Preserve Ads
|
Log In/Create an Account
| Top
| 47 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
No animal should ever jump on the dining room furniture unless
absolutely certain he can hold his own in conversation.
-- Fran Lebowitz
(Score: 0) by Anonymous Coward on Monday June 06 2016, @03:49PM
I agree that there could still be a minor problem caused by it. Your example was great.
That's also why I said that this is a tempest in a teapot. Many of the articles that I've seen about this in the last 24 hours are misrepresenting the facts. Stories are being sensational and inventing facts, talking about keepass downloading and installing updates (which it can't do) via HTTP and saying that users could get infected with malware.
The problem and its severity and impact are being blown way out of proportion. As a keepass user it irritates me because I see a free software developer getting shit on by the tech media in order to manufacture outrage and get their articles more views (i.e., more ad revenue).