
    KeePass dev refuses to patch security hole in favor of ad revenue

    • Alex Sage @dafyre

      @dafyre Once again, the problem is the updater, not the program itself. I think at the end of the day, it will be fixed.

      • scottalanmiller @Alex Sage

        @aaronstuder said in KeePass dev refuses to patch security hole in favor of ad revenue:

        @dafyre Once again, the problem is the updater, not the program itself. I think at the end of the day, it will be fixed.

        Or forked.

        • dafyre @Alex Sage

          @aaronstuder said in KeePass dev refuses to patch security hole in favor of ad revenue:

          @dafyre Once again, the problem is the updater, not the program itself. I think at the end of the day, it will be fixed.

          True. But for an application such as KeePass, why risk it? KeePassX works fine with my existing database, and I no longer have to worry about an auto updater hijacking my passwords or otherwise infecting my computer with bugs.

          Note: I'm not terribly worried about it... but a little paranoia is safe when it comes to security.

          • gjacobse @scottalanmiller

            @scottalanmiller said in KeePass dev refuses to patch security hole in favor of ad revenue:

            I think KeePass with Chocolatey would bypass the insecure updater.

            There is also the option of just not installing it.

            For a number of years I have used the Portable App version.

            • Carnival Boy @dafyre

              @dafyre said in KeePass dev refuses to patch security hole in favor of ad revenue:

              and I no longer have to worry about an auto updater hijacking my passwords or otherwise infecting my computer with bugs.

              There is no auto-updater. You have to manually download new versions from SourceForge. All this (non) issue is is a program that notifies you if there is a new version and advises you to (manually) download it.

              • dafyre @Carnival Boy

                @Carnival-Boy said in KeePass dev refuses to patch security hole in favor of ad revenue:

                @dafyre said in KeePass dev refuses to patch security hole in favor of ad revenue:

                and I no longer have to worry about an auto updater hijacking my passwords or otherwise infecting my computer with bugs.

                There is no auto-updater. You have to manually download new versions from SourceForge. All this (non) issue is is a program that notifies you if there is a new version and advises you to (manually) download it.

                But said "update now" popup can redirect you wherever it wants assuming a hacked update popup. I know I'm pushing it, but as I said... a little paranoia can go a long way.

                • Dashrender

                  How does the popup that there is an update happen? Assuming it's that the app checks a website, we're just in for another Firesheep adventure.

                  • wrx7m

                    I use KeePass and update via Ninite Pro. And I have never seen anything to do with ads in the 10 years I have been using it.

                    • stacksofplates

                      So I guess I should have specified in the other thread. I use KeePassX and it's updated through yum. And the Android version of Keepass2Android (the one I use) isn't maintained by the same people.
