[Popcon-developers] Bug#880121: popularity-contest: popcon-upload should be made to POST over https
Mateusz Jończyk
mat.jonczyk at o2.pl
Thu Jan 4 09:54:42 UTC 2018
Hello,
It is known that NSA was using error messages from Windows to check which
software is installed on user computers and which software they can hack[1].
So uploading a list of installed software over plaintext is dangerous.
Please change severity to serious or higher.
>Maybe I am overoptimistic, but OpenPGP seems to be simpler and moving
>more slowly than TLS.
Internet Explorer 7 still can connect to most websites and was released
on October 18, 2006, which was 11 years ago.
IMHO it is more important to be secure then receive uploads from ancient clients.
Greetings,
Mateusz Jończyk
[1] http://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html
More information about the Popcon-developers
mailing list