From owner-freebsd-current@FreeBSD.ORG Wed Jun 21 07:20:41 2006
Date: Wed, 21 Jun 2006 00:20:36 -0700
From: Luigi Rizzo
To: John Birrell
Cc: freebsd-current@freebsd.org, Harti Brandt
Subject: Re: ~/.hosts patch
Message-ID: <20060621002036.A6576@xorpc.icir.org>
In-Reply-To: <20060621070739.GB35132@what-creek.com>; from jb@what-creek.com on Wed, Jun 21, 2006 at 07:07:39AM +0000
References: <4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu> <4498DF20.8020803@rogers.com> <1150870137.78122.14.camel@spirit> <20060621082734.Q24109@beagle.kn.op.dlr.de> <20060621063816.GA32889@what-creek.com> <20060621000250.A6468@xorpc.icir.org> <20060621070739.GB35132@what-creek.com>
User-Agent: Mutt/1.2.5.1i
List-Id: Discussions about the use of FreeBSD-current

On Wed, Jun 21, 2006 at 07:07:39AM +0000, John Birrell wrote:
> On Wed, Jun 21, 2006 at 12:02:50AM -0700, Luigi Rizzo wrote:
> > On Wed, Jun 21, 2006 at 06:38:16AM +0000, John Birrell wrote:
> > > On Wed, Jun 21, 2006 at 08:31:36AM +0200, Harti Brandt wrote:
> > > > Wouldn't this enable the same kind of phishing attacks there are under
> > > > Windows? As far as I remember there are attacks where the hosts file
> > > > (don't remember how it's called under Windows) is rewritten by a virus/java
> > > > script/whatever to contain a different IP address for a given hostname?
> > > > Suppose someone fakes the website of www.foobank.com, then manages to
> > > > insert www.foobank.com with the wrong IP address into ~/.hosts?
> > >
> > > Ugh. Now that is a scary thought.
> >
> > and that's why people use https and certificates!
> > what's the concern here?
>
> The fact that a lot of innocent (naive) people don't use https and certificates?!

and so they would happily click on

Secure Link to Your Bank

so we are not opening much in terms of security holes...

cheers
luigi