~/.hosts patch

John Birrell jb at what-creek.com
Wed Jun 21 07:31:27 UTC 2006


On Wed, Jun 21, 2006 at 12:20:36AM -0700, Luigi Rizzo wrote:
> On Wed, Jun 21, 2006 at 07:07:39AM +0000, John Birrell wrote:
> > The fact that a lot of innocent (naive) people don't use https and certificates?!
> 
> and so they would happily click on
> 
> 	<a href="http://www.666.org/gimmeyourmoney">Secure Link to Your Bank</a>
> 
> so we are not opening much in terms of security holes...

You are making it worse because you open a new security hole:

<a href="https://www.paypal.com/">www.paypal.com</a>

does not take them to the _REAL_ www.paypal.com.

This is not an issue about phishing where:

<a href="http://some.dynamic.ip.addr/">www.paypal.com</a>

makes it look like the link takes them to PayPal when it really
doesn't.

Most banks still don't use certificates even though they use HTTP.

We need to retain the integrity of a DNS lookup. If there are any
workarounds required for poor DNS lookups, then let an administrator configure
them!

--
John Birrell
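
An added example, not part of the original message or of the patch under discussion: one way an administrator could audit a per-user override file for entries that send a name somewhere other than where DNS sends it, which is the `www.paypal.com` case described above. It assumes the file uses hosts(5) syntax; the sample file, the addresses (documentation ranges) and the stand-in resolver are constructed.

```python
import ipaddress

# Constructed sample of a per-user override file; hosts(5) syntax is an assumption.
SAMPLE_USER_HOSTS = """\
# personal shortcuts
10.0.0.5      devbox
203.0.113.66  www.paypal.com paypal.com   # shadows a public name
192.0.2.10    www.example.org
not-an-ip     broken.example
"""

# Constructed stand-in for the system resolver's answers, so this runs offline.
SAMPLE_DNS = {
    "www.paypal.com": {"198.51.100.20"},
    "paypal.com": {"198.51.100.21"},
    "www.example.org": {"192.0.2.10"},
}

def parse_hosts(text):
    """Yield (lineno, address, name) for each valid hosts(5)-style mapping."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield lineno, addr, name.lower().rstrip(".")

def audit_overrides(text, resolve):
    """Return entries whose address disagrees with what resolve(name) reports.

    resolve(name) returns the set of addresses DNS gives for the name, or an
    empty set when DNS does not know it (a purely local shortcut, not flagged).
    """
    findings = []
    for lineno, addr, name in parse_hosts(text):
        dns_addrs = resolve(name)
        if dns_addrs and addr not in dns_addrs:
            findings.append((lineno, name, addr, sorted(dns_addrs)))
    return findings

def sample_resolve(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    for lineno, name, addr, dns in audit_overrides(SAMPLE_USER_HOSTS, sample_resolve):
        print(f"line {lineno}: {name} -> {addr}, but DNS says {dns}")
```

On a live system `resolve` would wrap a lookup that bypasses the override file itself, otherwise the check compares the file against its own answers.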

