Submitted by brittney24 on Sat, 03/03/2018 - 23:58
Hey,
Is there any possibility of getting detached signature files from Andrew for the downloads?
I don't mean signature files for checksums (though they're useful), but checksums don't detect if files on a server have been tampered with. Since hackers have managed to replace files w/ maliciously altered versions on lots more than one or two major organizations, I'd appreciate detached .asc files, signed with Andrew's public key.
Submitted by war59312 on Sun, 08/28/2016 - 11:18
Hi,
Please upgrade the security a bit more.
Should use Upgrade Insecure Requests @ https://www.w3.org/TR/upgrade-insecure-requests/
Should enable HPKP (HTTP Public Key Pinning) @ https://report-uri.io/home/pkp_hash
Should use CSP (Content Security Policy) @ https://report-uri.io/home/generate
And other security headers @ https://bitcoinsecurityproject.org/WebApplicationSecurityPractices/Secur...
Thanks,
Will
Submitted by Anonymous (not verified) on Wed, 03/02/2011 - 10:17
Virus total found 4 risks http://www.virustotal.com/file-scan/report.html?id=7f41dd5ac4cac4a210776...
Submitted by Justin on Tue, 11/17/2009 - 05:32
Very fine software.
I have an important security concern I'm hoping you can help solve.
Question 1:
How can I be sure the .xml updates are legitimate and from you,
what checks are in place? Is there a method to verify the updates via hash or key or otherwise?
Question 2:
Can I accept 'all' updates at once without having to click OK to each one?
Thank you much.
Justin
