Jeff Liebermann wrote:
> On 25 Sep 2005 12:33:53 -0700, lynn@garlic.com wrote:
>
> I'll risk a bit of topic drift here...
You can't be more off-topic than those 2 insulting guys ...
> We're talking about a home user with probably a handful of potential
> users. The alleged benefit of PKI is that it authenticates the
> terminating web pages as being whom they claim to be.
If you consider really secure systems, those where the user is really a user, and not
root or admin ...
how could a simple userland browser install a certificate the kernel could use to
establish a new network layer?
That would require rights separation that is planned in GNU/Hurd, and not that stable
in UML or FUSE ...
=> The point is: there is no use talking about the browser's SSL support:
root ought to
wget gateway/certificate
then restart a daemon ...
> I've setup
> bogus servers to see how typical clients react. I've found that some
> method of authentication is required as almost all users are
> clueless when a counterfeit web page appears. I even got caught in my
> own trap when I forgot to turn it off one day. Same with a faked SSID
> hot spot running HostAP. One doesn't really "need" PKI and a CA to do
> the authentication, but methinks it is generally a good idea.
One point for you (regarding most admins thinking ...)
About me:
I am the only admin on all the boxes I install, especially on my family's computers ...
and that is not enough yet to prevent them from doing stupid things ...
The worst things are now impossible for them:
- Hey, I found that free demo CD in the supermarket, but it says I have no right to
install it
- I made you not have this right because I knew you would try to install it!
What happened for real:
- I was given this CD that offers cheap internet access
- You already have cheap internet access for the same price as the one on your new
CD, except that your attempt to install your stupid CD broke IE
At that time, my dad was admin on the box, and the CD broke the whole GUI of IE,
including home page, connection params, bookmarks and so on ... after which my
brother (7y more experience in IT than me) found about 18 trojans on their (live)
box ... I found 8 more using an offline scan ...
(hell, a brother who claims to be an IT professional, and does an AV scan on a live box
... I can't believe it)
--
DEMAINE Benoit-Pierre (aka DoubleHP )
http://www.demaine.info/
\_o< If computing were an exact science, IT engineers would not have work >o_/