Web lists-archives.com

Re: SSL not required for setup.exe download




On 3/12/19, Andrey Repin wrote:
> Greetings, Lee!
>
>>> It gives you false sense of security. What is worse, everybody is
>>> attempting
>>> to reassure this false sense on every possible occasion.
>
>> I don't think it's a false sense of security.  https:// isn't "safe"
>> but it is _safer_ than http://
>
> Yep. Now, let's recall mcafee, norton, kaspersky, avast… and all those
> other
> "antiviruses" that proxy all TLS traffic through their own root certificate
> proxy.

But you did that to yourself.  Hopefully you evaluated the risk/reward
in letting your a/v intercept everything.  Or are at least aware that
your a/v is intercepting everything.

Altho I have a feeling most home users aren't aware of
  https://www.us-cert.gov/ncas/alerts/TA17-075A
I haven't been paying attention - hopefully the situation has improved.

Regards,
Lee

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple