(The canonical location of this blog post is now Why unauthenticated software download is dangerous and unethical on my web site.)

Have you ever done svn checkout http://include-what-you-use.googlecode.com/svn/trunk/ include-what-you-use?

How about download; ./configure; make; make install when the connection is HTTP and you haven't checked your download against a cryptographic hash (e.g. SHA256) or public key (e.g. PGP) provided via an authenticated channel (e.g. HTTPS)? [1]

Have you ever done these while using coffee shop or train or cellular Internet without a VPN? Or even on home WiFi in a crowded area? [2]

It's not just you whose security is at risk by these deeds.
Read more... )

Profile

idupree

January 2014

S M T W T F S
   1234
567891011
12131415161718
19202122232425
262728293031 

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 20th, 2017 12:23 am
Powered by Dreamwidth Studios