
ER: Avoid prompts that users may not properly interpret on update signature validation #1009

Closed
@wdormann

Checklist

  • I looked at https://github.com/pbatard/rufus/wiki/FAQ to see if my question has already been answered.
  • I performed a search in the issue tracker for similar issues, using keywords relevant to my problem.
  • I clicked the Log button in Rufus and copy/pasted the log into the line that says <FULL LOG> below.
  • The log I am copying is the FULL log, starting with the line Rufus version: x.y.z - I have NOT removed any part of it.

Issue description

Rufus checks for updates over HTTPS; however, the update itself is downloaded over HTTP, which is insecure. See also:
https://insights.sei.cmu.edu/cert/2017/06/the-consequences-of-insecure-software-updates.html

Log

Rufus version: 2.15.1117
Windows version: Windows 7 SP1 32 bit
Syslinux versions: 4.07/2013-07-25, 6.03/2014-10-06
Grub versions: 0.4.6a, 2.02
System locale ID: 0x0409
Will use default UI locale 0x0409
SetLGP: Successfully set NoDriveTypeAutorun policy to 0x0000009E
Localization set to 'en-US'
0 devices found
Checking for Rufus updates...
Checking release channel...
New release version found!
Downloading 'rufus-2.16.exe' from http://rufus.akeo.ie/downloads/rufus-2.16.exe
File length: 961144 bytes
Successfully downloaded 'rufus-2.16.exe'
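
An added example, not part of the original issue or of Rufus: a small log audit that finds update downloads fetched over a non-HTTPS transport, using the `Downloading '<file>' from <url>` line format seen in the log above. The function name, the severity labels and the extension list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the update-related lines copied from the log in this issue.
SAMPLE_LOG = """\
Checking for Rufus updates...
Checking release channel...
New release version found!
Downloading 'rufus-2.16.exe' from http://rufus.akeo.ie/downloads/rufus-2.16.exe
File length: 961144 bytes
Successfully downloaded 'rufus-2.16.exe'
"""

# Matches the download line format shown in the log above.
DOWNLOAD_RE = re.compile(r"^Downloading '(?P<name>[^']+)' from (?P<url>\S+)$")

# Assumption: payload types treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".msi", ".dll")


def audit_update_log(log_text):
    """Return one finding per download line whose transport is not HTTPS."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = DOWNLOAD_RE.match(line.strip())
        if not match:
            continue
        url = urlsplit(match.group("url"))
        scheme = url.scheme.lower()
        if scheme == "https":
            continue  # transport is authenticated and integrity-protected
        name = match.group("name")
        findings.append({
            "line": lineno,
            "file": name,
            "host": url.hostname,
            "scheme": scheme,
            # Hypothetical labels: executables over cleartext rank highest.
            "severity": "high" if name.lower().endswith(EXECUTABLE_EXTS) else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in audit_update_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['file']} fetched via {f['scheme']}:// "
              f"from {f['host']} [{f['severity']}]")
```
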
