You're all following @HTTPshaming....riiiiight?
@slightlylate shotgun method hits some real vulns, but generates FUD/bullshit as well, which is why I don't take @httpshaming seriously.
@pornelski: How did you get a binary that you trust from VLC? Trusting code signing? /cc @httpshaming
New conversation
@slightlylate so instead of knee-jerk "port 80 bad!" I'd prefer them to actually check what is vulnerable and report it properly.
@pornelski also, just for the record: port 80 BAD.
New conversation
@slightlylate @pornelski Uh, nobody affiliated with HTTP Shaming filed the VLC bug.
@slightlylate @pornelski Love VLC, but yes, serving binaries over HTTP is bad, even with sigs. This has been covered: http://httpshaming.tumblr.com/post/95160721901/but-its-signed …
End of conversation
New conversation
@slightlylate The website should be HTTPS indeed, but the bug was specifically about the updater, which is secured by https://github.com/sparkle-project/Sparkle/blob/master/Sparkle/SUDSAVerifier.m#L92 …