[oclug] TCP Wrapper problem
Zac 'zacs' Sprackett
zac at sprackett.com
Wed Aug 8 11:22:00 EDT 2001
> > But is it trivial to intercept an HTTP transfer? Yo! Hence the above
> > restriction on IP connections. (doesn't fix, but helps)
>
> True... I have not thought of that. Oh well, we are all screwed! :)
> The simple solution is not to use anyone else's machine :)
>
> Actually, I guess if you sign the applet yourself with your key then
> you can write the signature of that key on your arm. Then when you are
> about to sign the cert of the applet you confirm that it matches and
> if it does you know that either someone wrote on your arm while you
> were sleeping or the applet is secure. :)
The best solution I've come up with is to use SSH with OTP. This way you are
not trusting the local ssh binary.
-z
--
Zac Sprackett Software Engineer VA Linux Systems
zacs at valinux.com (613)270-8128 http://www.valinux.com
1024D/E1F06C16 0CED 5CC6 69EB FC49 0EB8 15C6 0D38 FAF1 E1F0 6C16
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20010808/621f69ff/attachment.bin
More information about the OCLUG
mailing list