

Security issue in blockchain.info's Android app - _jomo
https://www.reddit.com/r/Bitcoin/comments/37oxow/the_security_issue_of_blockchaininfos_android/crolfk4

======
jaimebuelta

      And the final mistake: They were using HTTP instead of HTTPS
      to make the webservice call to random.org. On Jan 4, random.org started 
      enforcing HTTPS and returning a 301 Permanently Moved error for HTTP - see
      https://www.random.org/news/. So since that date, the entropy has actually 
      been the error message (turned into bytes) instead of the expected 256-bit number.
    

This is so ridiculous I'm not sure if I should cry or laugh...

