Below is an off-site archive of all tweets ever posted by @lopp.

November 27th, 2014

If you run a financial application and deploy a new security feature, it should probably be opt-out, not opt-in.

via Twitter for Android

fnxTX -_-;
And the major non-client-side threat to @blockchain arch—MITM. A known vuln; why allow Tor connxn to touch privkeys? @julianorr
cc @loppp

via Twitter Web Client (retweeted on 7:53 AM, Nov 27th, 2014 via Twitter for Android)

fnxTX @lopp @blockchain And even worse, the DEFAULT settings would screw you, unless you had perfect email security. Suboptimal on their part.

via Twitter Web Client (retweeted on 7:13 AM, Nov 27th, 2014 via Twitter for Android)

fnxTX @lopp @blockchain Yep. So Blockchain itself isn’t insecure, but had serious Linux syndrome. Too many settings, too easy to screw yourself.

via Twitter Web Client (retweeted on 7:10 AM, Nov 27th, 2014 via Twitter for Android)

fnxTX @lopp As for @blockchain, biggest (ongoing) mistake was post-Heartbleed. By default, new accts got emailed a single-factor recovery key.

via Twitter Web Client (retweeted on 7:09 AM, Nov 27th, 2014 via Twitter for Android)

@fnxTX @blockchain Goes to show that you can’t expect users to educate themselves about security.

via Twitter for Android in reply to fnxTX

.@blockchain’s reputation continues to slide. Have yet to hear a response for how they intend to improve. reddit.com/r/Bitcoin/comm…

via Twitter for Android