[ubuntu-uk] screencasts

Tony Arnold tony.arnold at manchester.ac.uk
Sun Nov 19 23:25:18 GMT 2006

Robert K. Day wrote:
> On Saturday 18 November 2006 23:46, Tony Arnold wrote:
> [snip]
>> As it is, there is no guarantee the site is owned by
>> who you think it it 
> [snip] 
> Well, there is; it's a .gov.uk address, which isn't publically registerable 
> and is only used for government websites.

That is not sufficient to make it secure! There are plenty of viruses,
for example, which plant fake entries in a PC's hosts file (usually on
Windows, I might add). This could be used to redirect to a fake version
of the site. The site itself could be hacked and then redirect requests
to a fake version of the site. And I won't even mention IP address
spoofing, although that may be a bit harder.

Maybe I'm paranoid, but I'm paid to be that way!

Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

More information about the ubuntu-uk mailing list