[nSLUG] Chebucto Security

Richard Bonner ak621 at chebucto.ns.ca
Thu Jan 22 09:32:16 AST 2009


On Wed, 21 Jan 2009, Jason Kenney wrote:

Richard asked:
>> ***   So how is a PPP connection any more secure?

> The difference is where the encryption is taking place.  If you are a
> dial-up user over PPP, your browser on your computer is the one doing
> the encrypting, before it gets sent out over the network to the ISP to
> be routed into the Internet.  You are trusting the integrity of your
> own computer.
>
> If you connect to Chebucto via dial-up to the shell and use lynx, then
> there is no encryption until the lynx browser *on the Chebucto server*
> encrypts the traffic.  The traffic from your computer to the Chebucto
> server is unencrpyted.  The traffic leaving Chebucto for the Internet
> is still encrypted.  You are trusting the integrity of the Chebucto
> server.

***   OK, I get it. Thanks, Jason.


> In this case I would argue you don't need to trust the integrity of
> your own computer so much, as you don't have a direct connection to
> the internet - while it would be possible to write a
> trojan/virus/keylogger that would capture and transmit this
> information to an attacker, it would be *significantly* more involved,
> and the pool of victims is minimal.  I suspect no such malicious
> software exists to this end.
>
> Jason
(Snip)

***   Nor do I. I can't see virus writers using their time to screw so 
few users.

  Richard



More information about the nSLUG mailing list