
(2 replies, posted in Bugs & problems)

Must I really explain the implications of this?

Downloading the FireGPG update via insecure HTTP allows the potential for malware to be injected into the update.  Now we have malware in our system with access to our public/private keyring, possibly monitoring when we enter our secret-key passcode and uploading this information to some server in China.  Fantastic!

That's one scenario.  So, please, make the update use HTTPS.