Defending users of unprotected login pages with TrustBar 0.4.9.93
John Gilmore
gnu at toad.com
Mon Sep 19 19:20:07 EDT 2005

Perhaps the idea of "automatically" redirecting people to alternative
pages goes a bit too far:

> 1. TrustBar will automatically download from our own server,
> periodically, a list of all of the unprotected login sites, including
> any alternate protected login pages we are aware of. By default,
> whenever a user accesses one of these unprotected pages, she will be
> automatically redirected to the alternate, protected login page.

How convenient! So if I could hack your server, I could get all
TrustBar users' accesses -- to any predefined set of pages on the
Internet -- to be redirected to scam pages.

A redirect to an "untrustworthy" page is just as easy as a redirect to a
"trustworthy" page. The question is who you trust.

> BTW, TrustBar is an open-source project, so if some of you want to
> provide it to your customers, possibly customized (branded) etc., there
> is no licensing required.

Also providing a handy platform for slightly modified versions, that will
take their cues from a less "trustworthy" list of redirects.

John
---------------------------------------------------------------------
The Cryptography Mailing List