~/.hosts patch
Marcin Jessa
lists at yazzy.org
Wed Jun 21 08:07:20 UTC 2006
On Wed, 21 Jun 2006 07:31:23 +0000
John Birrell <jb at what-creek.com> wrote:
> On Wed, Jun 21, 2006 at 12:20:36AM -0700, Luigi Rizzo wrote:
> > On Wed, Jun 21, 2006 at 07:07:39AM +0000, John Birrell wrote:
> > > The fact that a lot of innocent (naive) people don't use https
> > > and certificates?!
> >
> > and so they would happily click on
> >
> > <a href="http://www.666.org/gimmeyourmoney">Secure Link to
> > Your Bank</a>
> >
> > so we are not opening much in terms of security holes...
>
> You are making it worse because you open a new security hole:
>
> <a href="https://www.paypal.com/">www.paypal.com</a>
>
> does not take them to the _REAL_ www.paypal.com.
>
> This is not an issue about phishing where:
>
> <a href="http://some.dynamic.ip.addr/">www.paypal.com</a>
>
> makes it look like the link takes them to PayPal when it really
> doesn't.
>
> Most banks still don't use certificates even though they use HTTP.
>
> We need to retain the integrity of a DNS lookup. If there are any
> workarounds required for poor DNS lookups, then let an administrator
> configure them!
Just add a global switch to enable/disable use of the ~/.hosts file
to, i.e., /etc/login.conf.
I personally find this feature very handy, especially on a desktop
with restricted access to the system.
Marcin.
More information about the freebsd-current mailing list