[clue-tech] ssh, vim helper
Peter Kuykendall
peterkuykendall at hotmail.com
Sun Oct 19 06:47:12 MDT 2008
I work at a very large telecom company. A while back our IT department
published an instruction document telling us how to connect to the wireless
network. They explicitly told us to click through a bad SSL certificate. I
was flabbergasted! I tried to explain why this was a terrible idea but
nobody was interested.
Just a couple of weeks ago the company experienced a virus outbreak. IT
then admonished people not to open attachments, etc. What a joke.
----- Original Message -----
From: "David L. Anselmi" <anselmi at anselmi.us>
To: "CLUE tech" <clue-tech at cluedenver.org>
Sent: Saturday, October 18, 2008 10:33 PM
Subject: Re: [clue-tech] ssh, vim helper
> Collins Richey wrote:
>> On Sat, Oct 18, 2008 at 5:39 PM, David L. Anselmi <anselmi at anselmi.us> wrote:
> [...]
>>> Do you use /etc/ssh/ssh_known_hosts so users don't have to identify
>>> man in the middle attacks themselves?
>>
>> In almost all cases our users are internal, behind a firewall, not
>> visible on the wild and wooly internet.
>
> That's not the point. You have a chance to spare your users being asked
> to trust a key that they won't (maybe can't) verify. It's good form to
> spare them.
>
> If you went as far as to tell them to call you whenever they see such a
> message you might improve your security. But they've already been trained
> to ignore security questions by SSL and personal firewalls (oh, and pop-up
> blockers).
>
> Dave