Wiki & SSL
Lucian Adrian Grijincu
lucian.grijincu at gmail.com
Fri Oct 8 17:20:36 UTC 2010
On Fri, Oct 8, 2010 at 8:02 PM, Clint Byrum <clint at ubuntu.com> wrote:
> With SSL, this will at least show some very serious warnings about
> the SSL certificate. Even if he just redirects from the http port
> on wiki.ubuntu.com to https on his evil server, he will have to
> change the name, and the attack has yet another chance of being
> thwarted.
Yes, but what protection does this bring if:
* the speaker enters "wiki.ubuntu.com" in the browser (default to HTTP)
* the attacker does NOT redirect to an SSL site and just presents a
  (malicious) HTTP page
* the speaker has no clue that wiki.ubuntu.com should normally be on HTTPS
I wasn't aware that wiki.ubuntu.com must be HTTPS. I may have noticed
it at some point, but I couldn't say if it always was HTTPS or not and
I don't think I'm alone.
--
.
..: Lucian
More information about the Ubuntu-devel-discuss mailing list