Defending users of unprotected login pages with TrustBar 0.4.9.93

John Gilmore gnu at toad.com
Mon Sep 19 19:20:07 EDT 2005


Perhaps the idea of "automatically" redirecting people to alternative
pages goes a bit too far:

> 1. TrustBar will automatically download from our own server,
> periodically, a list of all of the unprotected login sites, including
> any alternate protected login pages we are aware of. By default,
> whenever a user accesses one of these unprotected pages, she will be
> automatically redirected to the alternate, protected login page.

How convenient!  So if I could hack your server, I could get all
TrustBar users' accesses -- to any predefined set of pages on the
Internet -- to be redirected to scam pages.

A redirect to an "untrustworthy" page is just as easy as a redirect to a
"trustworthy" page.  The question is who you trust.

> BTW, TrustBar is an open-source project, so if some of you want to
> provide it to your customers, possibly customized (branded) etc., there
> is no licensing required.

Also providing a handy platform for slightly modified versions, that will
take their cues from a less "trustworthy" list of redirects.

	John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
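
Added example, not part of the original message and not TrustBar code: one way a client could bound the trust it places in a downloaded redirect list, by refusing any automatic redirect whose target is not HTTPS on the same site as the unprotected page. The entry format, function names and sample URLs are constructed for illustration, and the two-label site comparison is a simplification that a real check would replace with the Public Suffix List.

```javascript
// Added example; not TrustBar code. All names and sample data are constructed.

// Crude "site" key: the last two DNS labels. A real check needs the Public
// Suffix List, since this treats a.co.uk and b.co.uk as the same site.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Decide whether one downloaded list entry may trigger an automatic redirect.
// Returns { ok: boolean, reason: string }.
function vetRedirect(entry) {
  let from, to;
  try {
    from = new URL(entry.unprotected);
    to = new URL(entry.protected);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (to.protocol !== "https:") {
    return { ok: false, reason: "target is not HTTPS" };
  }
  if (to.username || to.password) {
    return { ok: false, reason: "target URL carries userinfo" };
  }
  if (siteOf(from.hostname) !== siteOf(to.hostname)) {
    return { ok: false, reason: "target is on a different site" };
  }
  return { ok: true, reason: "same site, HTTPS" };
}

// Split a whole downloaded list into entries that may redirect and entries
// that must fall back to a warning instead of a silent redirect.
function vetList(list) {
  const accepted = [], rejected = [];
  for (const entry of list) {
    const verdict = vetRedirect(entry);
    (verdict.ok ? accepted : rejected).push({ ...entry, reason: verdict.reason });
  }
  return { accepted, rejected };
}

// Constructed sample list: one plausible entry, one pointing off-site, one
// whose "protected" page is not protected at all.
const sampleList = [
  { unprotected: "http://www.bank.example/login", protected: "https://secure.bank.example/login" },
  { unprotected: "http://www.bank.example/login", protected: "https://bank-example.invalid/login" },
  { unprotected: "http://shop.example/signin", protected: "http://shop.example/signin2" },
];
```

A check like this limits what a tampered list can do; it does not address a modified client build that ignores the check.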