SoylentNews

Password App Developer Overlooks Security Hole to Preserve Ads

posted by cmn32480 on Monday June 06 2016, @02:22PM   
from the they-gotta-be-kidding dept.

Fnord666 writes:

An engadget story has the following to say about KeePass2 and developer Dominik Reichl:

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.

---

Original Submission

• Re:What Ads? Re:What Ads? (Score: 2) by zocalo on Monday June 06 2016, @08:33PM

  by zocalo (302) on Monday June 06 2016, @08:33PM (#356094)

  Which would be why I mentioned having the checksums on multiple independant sites.

  --
  UNIX? They're not even circumcised! Savages!

  Parent

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2

• Re:What Ads? Re:What Ads? (Score: 0) by Anonymous Coward on Monday June 06 2016, @09:59PM

  by Anonymous Coward on Monday June 06 2016, @09:59PM (#356140)

  Then an attacker would only have to fake authorization to the white pages, just like vuze. Your idea is impractical.

  Parent

  • Re:What Ads? (Score: 2) by zocalo on Tuesday June 07 2016, @08:07AM

    by zocalo (302) on Tuesday June 07 2016, @08:07AM (#356322)

    Um, what? You do realise I'm just describing a mechanism that has been used by Linux distributions and many other things to verify download integrity without any major incidents not caused by human failings for decades, right?

    --
    UNIX? They're not even circumcised! Savages!

    Parent