Password app developer overlooks security hole to preserve ads

Sasa Nikolic via Getty Images

Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check because the "indirect costs" of the upgrade (which would encrypt web traffic) are too high: namely, it would lose ad revenue. Yes, the implication is that profit is more important than protecting users.

The impact is potentially quite severe, too. An attacker could hijack the update process and deliver malware that would compromise your PC.

To his credit, Reichl notes that he'd like to move to encryption as soon as he believes it's possible. You can also verify that you're getting a signed download, if you're worried. However, it's still contradictory to develop a security-centric app and decide that security should take a back seat. Even if it's true that ad revenue would take a steep hit, the consequences of knowingly exposing people to attack (including alienating those who once trusted the password tool) are likely far more severe.