Unsafe download of license file

For all your non-technical questions.
mmellon@ecrs.com
Posts: 2
Joined: Wed Aug 28, 2013 7:36 am

Unsafe download of license file

Postby mmellon@ecrs.com » Mon Jun 18, 2018 1:52 pm

Currently, when upgrading from one version of InstallAware to another, our employees must download a Windows executable from http://www.mimarsinan.com/customers/material/...

The download is not protected by https, and it is not digitally signed. This is unacceptably insecure, as a man-in-the-middle attack involving only DNS compromise could allow an attacker to distribute a maliciously modified exe to one of your customers.

Our corporate firewall by default blocks all .exe files downloaded over plain http. This is now the default for several enterprise-grade firewalls.

Could you please start hosting those license files over https and please sign them with Authenticode?

Thanks

Return to “Non-Technical”

Who is online

Users browsing this forum: No registered users and 5 guests