tony.arnold at manchester.ac.uk
Sun Nov 19 23:25:18 GMT 2006
Robert K. Day wrote:
> On Saturday 18 November 2006 23:46, Tony Arnold wrote:
>> As it is, there is no guarantee the site is owned by
>> who you think it it
> Well, there is; it's a .gov.uk address, which isn't publically registerable
> and is only used for government websites.
That is not sufficient to make it secure! There are plenty of viruses,
for example, which plant fake entries in a PC's hosts file (usually on
Windows, I might add). This could be used to redirect to a fake version
of the site. The site itself could be hacked and then redirect requests
to a fake version of the site. And I won't even mention IP address
spoofing, although that may be a bit harder.
Maybe I'm paranoid, but I'm paid to be that way!
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
More information about the ubuntu-uk