[Popcon-developers] Bug#880121: popularity-contest: popcon-upload should be made to POST over https
- From: mat.jonczyk@o2.pl (Mateusz Jończyk)
- Date: Thu, 4 Jan 2018 10:54:42 +0100
- Message-id: <f3306ec8-ca17-c7df-bd14-fd4b78829738@o2.pl>
- References: <20171029182127.tq6l3czg5borvb6p@betterave.cristau.org>
Hello,
It is known that the NSA was using error messages from Windows to check which
software is installed on user computers and which software they can hack[1].
So uploading a list of installed software over plaintext is dangerous.
Please change severity to serious or higher.
>Maybe I am overoptimistic, but OpenPGP seems to be simpler and moving
>more slowly than TLS.
Internet Explorer 7 still can connect to most websites and was released
on October 18, 2006, which was 11 years ago.
IMHO it is more important to be secure than receive uploads from ancient clients.
Greetings,
Mateusz Jończyk
[1] http://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html