Mike Kuketz 🛡 on Nostr: The signature problem at F-Droid has apparently still not been solved: "We find ...
The signature problem at F-Droid has apparently still not been solved: "We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause." 😵👇
https://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19
#fdroid #security #privacy #certpinning #signature
Published at
2025-01-21 20:28:55
Event JSON
{
"id": "3710ba0194aeaa8e2f88340cb9fa2201ae533eaf0a81201f275d50127fff62c1",
"pubkey": "6192cf57a4514a58d898f35ceb22d1e0aaabcd9aafa19e39188ad05dcf4d650c",
"created_at": 1737491335,
"kind": 1,
"tags": [
[
"t",
"fdroid"
],
[
"t",
"security"
],
[
"t",
"privacy"
],
[
"t",
"certpinning"
],
[
"t",
"signature"
],
[
"proxy",
"https://social.tchncs.de/users/kuketzblog/statuses/113868232177058622",
"activitypub"
]
],
"content": "Die Signatur-Problematik bei F-Droid ist offenbar noch immer nicht gelöst: \"We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause.\" 😵👇\n\nhttps://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19\n\n#fdroid #security #privacy #certpinning #signature",
"sig": "98788dde302371ab79364ef6efc88605e7e947138d15721fea89dcfe633b7ed078f5db7526392088f693de640a470e4f9eb2145575ecc4bddea1a7f7336e306f"
}