** Information type changed from Private Security to Public Security
** Changed in: ubuntu-geoip (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-geoip in Ubuntu.
https://bugs.launchpad.net/bugs/1617535
Title:
geoip.ubuntu.com does not utilize HTTPS
Status in ubuntu-geoip package in Ubuntu:
Incomplete
Bug description:
geoip.ubuntu.com does not utilize HTTPS and leaks unencrypted over
HTTP. This can potentially be utilized by nation state adversaries to
compromise user privacy. This service is called multiple times per day
by the OS in order to track users.
$ nc -zv geoip.ubuntu.com 80
Connection to geoip.ubuntu.com 80 port [tcp/http] succeeded!
$ nc -zv -w 3 geoip.ubuntu.com 443
nc: connect to geoip.ubuntu.com port 443 (tcp) timed out
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-geoip/+bug/1617535/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
