[nSLUG] Netscape

Richard Bonner ak621 at chebucto.ns.ca
Sat Jan 17 19:41:06 AST 2009


On Sat, 17 Jan 2009, Stephen Gregory wrote:

> Richard Bonner wrote:
>> ***   One can access one's bank account though Chebucto's shell
>> server. I do that and am completely isolated from the Internet. No
>> router, firewall or virus protection is required.
>
> You are still using the Internet to access those services. I fail to see
> how running the web browser (lynx) on someone else's computer
> (Chebucto's) lowers your level of risk.

***   It eliminates the risk to my computers, but as I said in that or 
another post, bad guys could crack Chebucto's server and access an 
account that way.


> If anything it is more risky. You now an unencrypted connection to 
> Chebucto. You are trusting Chebucto's physical and software 
> security. You are also trusting Chebucto's volunteers completely. It 
> would be trivial to capture your keystrokes sent to the Chebucto 
> shell server.

***   Chebucto's shell server is https compliant; would it not have 
to have security in place in order to be so?

    As for their volunteers, none are far enough up in the organisation 
that they would have access to personal accounts. Theoretically, some 
employees at any ISP must have such access. There must be safeguards 
in place.


> You still need some form of virus protection on your local computer 
> to protect against keyboard loggers (which can wait to upload the 
> log the next time you have an ip connection).

***   How might I get such a virus? It can't come down the shell 
server pipe unless I manually download and run an infected executable.


> This is not to say that Chebucto's service is insecure, but there is 
> a lot more to think about.
> -
> - sg

***   Understood.

  Richard



More information about the nSLUG mailing list