On Fri, Mar 13, 2015 at 11:24 AM, Albert Astals Cid wrote:
> On Wednesday, 11 March 2015, at 12:31:55, ChALkeR wrote:
>> I was told that it is ok to send this to a public ML.
>>
>> As it is now, OCS providers.xml file (
>> http://download.kde.org/ocs/providers.xml ) is served via http
On Wednesday, 11 March 2015, at 12:31:55, ChALkeR wrote:
I was told that it is ok to send this to a public ML.
As it is now, OCS providers.xml file (
http://download.kde.org/ocs/providers.xml ) is served via http, which
breaks the https chain and allows a MitM attack replacing the actual
provider location url with malicious provider url. Or downgrading