|C0nc3rn3d||PSI is not that secure|
|22nd Nov, 2013 22:59|
User Since: 13th Nov, 2013
System Score: N/A
Sorry for the short message on https://secunia.com/community/forum/thread/show/14... that mogs quickly closed. He must have thought it was a joke. But it wasn't. Anyway, thanks for the Wikipedia lesson, bro.
PSI downloads executables on the dl.secunia.com domain. Open up Wireshark, and see that it's NOT using SSL. The FAQ is nice and all, but of what use is it if it provides incorrect information?
Try, just like PSI, to download http://dl.secunia.com/SPS/AdobeFlashPlayer_11.9.90... However, the server does support SSL, but with an outdated certificate. This is not serious, for a security company.
The only reason I said it only *seems* to be susceptible to MitM is because you may use hash verifications. Or digital signature. Please tell me you do.
Anyway, even if you do, you are still sending plain-text requests about my softwares. For example, I don't want the guys at my uni to know what software I am using.
Have you heard of the LG Smart TV controversy? This seems pretty similar to me.
|mogs||RE: PSI is not that secure|
|23rd Nov, 2013 08:07|
User Since: 22nd Apr 2009
System Score: 100%
Any thread automatically locks after seven days if there's no activity on it. If I'd have thought you were joking, it's likely I wouldn't have replied at all.
It seems to me that any fears you may have ,will only be allayed by an explanation from Secunia Support. If they do not pick up on a thread....you can always e mail them....email@example.com
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.