An Engadget story has the following to say about KeePass2 and developer Dominik Reichl:
Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
(Score: 2) by NotSanguine on Monday June 06 2016, @07:18PM
Running the insecure OS inside a VM on a secure OS solves incompatibility with applications but not incompatibility with hardware. Good luck getting Bluetooth, Wi-Fi, camera, audio, and suspend working on an ASUS T100TA or X205TA using only free software.
There is such a thing as perfect security. It involves powering off your hardware, unplugging everything and then storing said hardware in a locked vault buried in steel-reinforced concrete in your back yard. And then never leaving your home long enough to allow someone to breach the concrete and break into the vault. Booby traps would be useful too, I imagine. I'd also recommend lots of lethal weapons and trustworthy mercenaries (so you can sleep once in a while).
Unfortunately, this causes some minor usability issues.
As such, the issue isn't making things perfectly secure; rather, it's securing your data within budgetary and usability constraints.
If your data is valuable enough, purchasing new hardware that works with the software you build from audited sources yourself (don't forget to audit and build the compiler(s) from source too!) is a small price to pay.
Can you say "cost/benefit analysis"? Sure you can. I knew you could!
No, no, you're not thinking; you're just being logical. --Niels Bohr