On Fri, Oct 8, 2010 at 8:02 PM, Clint Byrum <cl...@ubuntu.com> wrote: > With SSL, this will at least show some very serious warnings about > the SSL certificate. Even if he just redirects from the http port > on wiki.ubuntu.com to https on his evil server, he will have to > change the name, and the attack has yet another chance of being > thwarted.
Yes, but what protection does this bring if: * the speaker enters "wiki.ubuntu.com" in the browser (default to HTTP) * the attacker does NOT redirect to a SSL site and just presents a (malicious) HTTP page * the speaker has no clue that wiki.ubuntu.com should normally be on HTTPS I wasn't aware that wiki.ubuntu.com must be HTTPS. I may have noticed it at some point, but I couldn't say if it always was HTTPS or not and I don't think I'm alone. -- . ..: Lucian -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss