Robert K. Day wrote: > On Saturday 18 November 2006 23:46, Tony Arnold wrote: > [snip] >> As it is, there is no guarantee the site is owned by >> who you think it it > [snip] > > Well, there is; it's a .gov.uk address, which isn't publically registerable > and is only used for government websites.
That is not sufficient to make it secure! There are plenty of viruses, for example, which plant fake entries in a PC's hosts file (usually on Windows, I might add). This could be used to redirect to a fake version of the site. The site itself could be hacked and then redirect requests to a fake version of the site. And I won't even mention IP address spoofing, although that may be a bit harder. Maybe I'm paranoid, but I'm paid to be that way! Regards, Tony. -- Tony Arnold, IT Security Coordinator, University of Manchester, IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL. T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039 E: [EMAIL PROTECTED], H: http://www.man.ac.uk/Tony.Arnold -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
