On Fri, Oct 8, 2010 at 10:09 PM, Clint Byrum <cl...@ubuntu.com> wrote: > Right, though if that site is *delivered via ssl* and the cert is from > a trusted organization, you can trust the source of that information.. > if you click "history" you know you're getting the real history. > > So if the attacker did not redirect to SSL, then you are not on an > SSL site, and you should be *suspicious*.
I AM a person that has a very high regard towards security (I don't have the same password on two different sites, I notice when a HTTP site asks me for my password, I always check the URL of the website before entering my passwords, etc.) but I have not noticed until now that the wiki.ubuntu.com is always on HTTPS and I don't think I would have noticed when it would have loaded as HTTP. I know that when I get history from wikipedia in clear HTTP, anyone can tamper with that info. The same for travel information I read online, news and all the rest. I know everything in HTTP can be forged. But I do take everything with a grain of salt. Just because it's written on a publicly editable wiki, with all edits accounted for, I know not to trust that info with my life in the first place. The fact that possible lies or mistakes might be tampered with on their way to my computer does not make me any more suspicious of that data. I don't think anyone goes around poking every bit of info they can find about the authors that changed something in the history of a document. I'm sure I can go register the wiki user JomoBacon or IonoBacon and make some edits as him on a number of pages and all this always-HTTPS snake-oil won't save most users from anything. -- . ..: Lucian -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
