
Image credit: Sasa Nikolic via Getty Images

Password app developer overlooks security hole to preserve ads

KeePass wants to improve security, but money wins in the short term.

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.

The impact is potentially quite severe, too. An attacker could hijack the update process and deliver malware that would compromise your PC.

To his credit, Reichl notes that he'd like to move to encryption as soon as he believes it's possible. You can also verify that you're getting a signed download, if you're worried. However, it's still contradictory to develop a security-centric app and decide that security should take a back seat. Even if it's true that ad income would take a steep hit, the consequences of knowingly exposing people to attack (including alienating those who once trusted the password tool) are likely far more severe.
