Tell HN: H&R Block tax software installs a TLS backdoor

148 points | by yifanlu 4 days ago

13 comments

  • larrybud 1 day ago
    No evidence of this on my windows 11 system, but I'm running the personal HRB software, not business.

    Also, a internet search for "WK ATX ServerHost 2024" shows that this certificate is likely related to some other tax software from Walters Kluwer. See https://www.wolterskluwer.com/en/solutions/atx, https://files.cchsfs.com/doc/atx/2024/Help/Content/Both-SSou... and https://support.atxinc.com/

    • raw_anon_1111 4 days ago
      When will these companies learn?

      https://michael.team/zoom/

      • WarOnPrivacy 3 days ago 

            "If you have an SSL error in your H&R Block Software, 
    here’s what you need to know."
        https://www.hrblock.com/tax-center/support/software/technica...
        • jwang987 1 day ago
          Users should not need to trust the software blindly, otherwise it's better just to use AI to file tax by yourself
          • TheClassic 3 days ago
            I have the non-business edition installed and still get a privacy error attempting to load your page, so this seems specific to the business edition. Thanks for the heads up.
            • giantg2 2 days ago
              I'm wondering if download source matters. Seems like most are downloaded straight from their site, but curious if they still offer CDs or if sellers like Amazon have the direct installer downloads.
              • altairprime 4 days ago
                Curious: is it carrying a SHA-1 self-signature?
                • musicale 3 days ago
                  Welcome to CrapOS 26H1! We think you'll love it. Also, if you install tax software it might enable anyone to read all of your "encrypted" TLS connections regardless of what browser or app you might be using.

                  Click "I AGREE" to accept this as part of our mandatory user abuse and subjugation agreement.

                  • GoldenMonkey 2 days ago
                    Aren't mac's more secure by default. Receive the warning using mac with h&r block 2025 installed.
                    [-]
                    • snarkanon 2 days ago
                      These stupid tax software companies' business editions seem to support only MS-Windows. No idea why, they already support macOS on other editions.

                      Anyone know of any business editions available on macOS?

                      [-]
                      • majorchord 2 days ago
                        > No idea why

                        Probably because business users on macs are a rounding error, no offense.

                    • sloaken 4 days ago
                      Thanks for the warning.
                      • cochinescu 3 days ago
                        [dead]