posted by cmn32480 on Monday June 06 2016, @02:22PM   Printer-friendly
from the they-gotta-be-kidding dept.

An Engadget story has the following to say about KeePass 2 and its developer Dominik Reichl:

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.


  • (Score: 2) by theluggage on Monday June 06 2016, @05:57PM

    by theluggage (1797) on Monday June 06 2016, @05:57PM (#356014)

    However, intercepting the unencrypted connection could result in users not being informed about a critical update

    Read the G.P. post: the update.txt file is now digitally signed. Your method wouldn't work: even if the author's site has been pwn3d (which HTTPS is powerless to prevent), then the bad guys won't be able to sign the file. That solution is actually superior to using HTTPS.

    Oh, and remember: installing that critical update will invalidate the 6-week source code audit you performed on the current version before entrusting the launch codes for your personal nuclear arsenal to it.

    Seriously: even if your method worked it would be a minuscule risk: some weighing of risks in context is required. The biggest risk comes from pushing every update as critical and urgent and ignoring the real possibility of the update failing or introducing a regression.

  • (Score: 0) by Anonymous Coward on Tuesday June 07 2016, @12:28PM

    by Anonymous Coward on Tuesday June 07 2016, @12:28PM (#356366)

    Read the G.P. post: the update.txt file is now digitally signed.

    That doesn't help against serving an outdated version of that file, complete with its valid signature.

    • (Score: 2) by theluggage on Tuesday June 07 2016, @01:54PM

      by theluggage (1797) on Tuesday June 07 2016, @01:54PM (#356395)

      That doesn't help against serving an outdated version of that file, complete with its valid signature.

      So give the file an expiry date & renew it regularly. Oh, and if a security patch is so desperately critical that it is worth someone going to great effort to suppress it, don't rely on an optional automatic update notification as the sole means of publicising it.

      There comes a point at which encryption becomes equivalent to putting a steel door on a tent. HTTPS is firmly in that category, because it is only as strong as the infrastructure for issuing certificates - and that is weak by design because it has to allow users to visit sites without manually installing/verifying certificates.
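The three positions in the thread above (a signature alone is enough; a signature does not stop replay of an old file; so add an expiry and reissue regularly) can be shown side by side in code. What follows is an added example written for this page, not KeePass's own update-check code and not a description of the real update.txt format: the manifest layout, the use of Ed25519, the one-week validity window, the five-minute clock skew allowance and the version strings "2.33" and "2.34" are all assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Manifest stands in for an update-check file such as KeePass's update.txt.
// Its layout is an assumption for this example, not the real file format.
type Manifest struct {
	LatestVersion string    `json:"latest_version"`
	IssuedAt      time.Time `json:"issued_at"`
	NotAfter      time.Time `json:"not_after"` // expiry: the signer must reissue before this
}

var (
	ErrBadSignature = errors.New("manifest: signature does not verify")
	ErrNotYetValid  = errors.New("manifest: issued_at is in the future")
	ErrExpired      = errors.New("manifest: not_after has passed (stale or replayed file)")
)

// SignManifest serializes m and signs the exact bytes that will be served.
// The server publishes (payload, sig); the client verifies sig over payload
// before it parses anything.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (payload, sig []byte, err error) {
	payload, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// SignatureOnlyCheck is the check the first comment describes: a valid
// signature from the developer's key is enough. It therefore accepts any
// manifest the developer ever signed, however old.
func SignatureOnlyCheck(pub ed25519.PublicKey, payload, sig []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pub, payload, sig) {
		return m, ErrBadSignature
	}
	if err := json.Unmarshal(payload, &m); err != nil {
		return m, err
	}
	return m, nil
}

// VerifyManifest adds the freshness check proposed later in the thread:
// the signature must verify AND the file must not have expired. A replayed
// old file keeps its valid signature but fails the expiry test. A small skew
// keeps an honest client with a slightly wrong clock from being locked out.
func VerifyManifest(pub ed25519.PublicKey, payload, sig []byte, now time.Time) (Manifest, error) {
	m, err := SignatureOnlyCheck(pub, payload, sig)
	if err != nil {
		return m, err
	}
	const skew = 5 * time.Minute
	if m.IssuedAt.After(now.Add(skew)) {
		return m, ErrNotYetValid
	}
	if now.After(m.NotAfter.Add(skew)) {
		return m, ErrExpired
	}
	return m, nil
}

// Replay walks through the attack the second comment raises: a network
// attacker (or a compromised mirror) serves last month's signed manifest so
// the client never learns about the newer release. All dates and version
// strings here are constructed for the example.
func Replay() (sigOnlyVersion string, sigOnlyErr error, expiryErr error, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, nil, err
	}
	now := time.Date(2016, 6, 7, 12, 0, 0, 0, time.UTC)

	// Manifest the developer published a month ago, valid for one week.
	old := Manifest{LatestVersion: "2.33", IssuedAt: now.AddDate(0, -1, 0), NotAfter: now.AddDate(0, -1, 7)}
	oldPayload, oldSig, err := SignManifest(priv, old)
	if err != nil {
		return "", nil, nil, err
	}
	// The attacker captured (oldPayload, oldSig) and replays it today in
	// place of the current manifest that would announce "2.34".
	m, sigOnlyErr := SignatureOnlyCheck(pub, oldPayload, oldSig)
	_, expiryErr = VerifyManifest(pub, oldPayload, oldSig, now)
	return m.LatestVersion, sigOnlyErr, expiryErr, nil
}

func main() {
	v, e1, e2, err := Replay()
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature-only check: accepted version %q, err=%v\n", v, e1)
	fmt.Printf("signature+expiry check: err=%v\n", e2)
}
```

Two practical consequences follow from the expiry approach. The validity window has to be shorter than the time an attacker could usefully suppress a fix, which means the developer must reissue the signed file on a schedule (a cron job signing a fresh manifest every few days, in this design) or honest clients start seeing expired files. And the check only works if the client's clock is roughly right; a client whose time source is also under attacker control can be fed an old file and an old time, so the skew allowance should stay small and the client should treat an expired manifest as "could not check", not as "no update available".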