Stories
Slash Boxes
Comments

SoylentNews is people

Password App Developer Overlooks Security Hole to Preserve Ads

posted by cmn32480 on Monday June 06 2016, @02:22PM   Printer-friendly
from the they-gotta-be-kidding dept.

Fnord666 writes:

An engadget story has the following to say about KeePass2 and developer Dominik Reichl:

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Password App Developer Overlooks Security Hole to Preserve Ads | Log In/Create an Account | Top | 47 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by DannyB on Monday June 06 2016, @04:19PM

    by DannyB (5839) Subscriber Badge on Monday June 06 2016, @04:19PM (#355961) Journal

    Isn't it the advertising networks who are the real culprit here? Not KeePass nor its author.

    Advertising networks: willing to compromise everyone's security by making it preferable to use HTTP instead of HTTPS. (Not to mention being spreaders of malware through their ad networks.)

    --
    Young people won't believe you if you say you used to get Netflix by US Postal Mail.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Monday June 06 2016, @04:26PM

    by Anonymous Coward on Monday June 06 2016, @04:26PM (#355964)

    Since ad networks are often willing to distribute malware through their network the HTTPS thing is the least concern with them really.

  • (Score: 0) by Anonymous Coward on Monday June 06 2016, @07:31PM

    by Anonymous Coward on Monday June 06 2016, @07:31PM (#356064)

    "Isn't it the advertising networks who are the real culprit here? Not KeePass nor its author."

    If KeePass is willing to open their users to vulnerabilities just to get a bit of money, then no. Just because the advertisers are wrong, it doesn't mean everyone associated with them are innocent.

    • (Score: 1) by I Like Perl on Monday June 06 2016, @09:52PM

      by I Like Perl (6251) on Monday June 06 2016, @09:52PM (#356135)

      The KeePass users were never vulnerable to begin with.