Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Pretty sure these guys have been doing something similar for a while now: https://www.lifeensured.com/

I wonder if PassMyWill has ever been audited for security vulnerabilities? LifeEnsured has: https://www.lifeensured.com/faqs#security

EDIT: lol. The login form on PassMyWill gets POST'd over HTTP.

EDIT2: Nope, the entire server doesn't support SSL. facepalm



I love how companies play up the security theater they have in place in their datacenters. If someone is going to try to get your data, the last place they're going to get it from is in person at your DC.


I think it's kind of a standard disclaimer. Notice they got the most important part right: independent review by experts.

Even people that do security well need to engage in security theater.


At any case, the data is encrypted in JS, so the transferred piece is worthless, anyway.


I wish I could dig up the HN story from a few months ago. Basically JS encryption is horribly broken and essentially worthless

Edit: ah, here it is http://news.ycombinator.com/item?id=2935220




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: