ak621 at chebucto.ns.ca
Wed Jan 21 10:09:05 AST 2009
On Sun, 18 Jan 2009, Ian Campbell wrote:
> On Sat, Jan 17, 2009 at 07:41:06PM -0400, Richard Bonner wrote:
>> *** Chebucto's shell server is https compliant; would it not have
>> to have security in place in order to be so?
> I don't use Chebucto, so I have no idea why HTTPS enters into a shell
> account at all...
*** I assumed it had to be https compliant so as to be able to
even get on secure websites.
> but if you SSH to the chebucto shell server and then
> run lynx to your bank's HTTPS website, you're still vulnerable to
> someone who controls the shell server. They could trojan SSH, trojan
> lynx, they could leave both intact and trace the browser, they could
> even install a fake cert and redirect you to some random site, unless
> you're in the habit of comparing the certificate fingerprints to a
> known good set every time, you'll be none the wiser.
*** I don't see that as being any different with any other ISP.
>> *** How might I get such a virus? It can't come down the shell
>> server pipe unless I manually download and run an infected executable.
> No, but few people use their machines as just a terminal.
*** I don't either, but for most of my Internet needs, it is fine.