[lug] How do you keep your passwords safe while Paying bills and Day Trading at Work?
Nate Duehr
nate at natetech.com
Tue Oct 7 17:11:07 MDT 2008
Ben wrote:
> Am I missing something? My understanding is that as long as the machine
> you are using isn't compromised, and the server you are connected to
> isn't hacked and it is using a certificate signed by a legit 3rd party,
> there is no need to worry about what's in between when using https.

Yep, you actually stated what you're missing. All corporate machines
these days ARE "compromised" -- most IT departments have full control
over them and their filesystems/configurations.

If they have that, they can put fake top level keys, lower level keys...
stuff that only the geekiest would bother to open and look at, since
they could make it "just work" and no one would notice anything "broken"
to report.

Nate
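
Added example, not part of the original post: one way to look for the extra "top level keys" described above is to diff the machine's trusted-root bundle against a reference bundle taken from a machine you control. The function names and the sample bundles are assumptions for illustration; the sample entries are constructed placeholder bytes in a PEM wrapper, not real certificates.

```python
import base64
import hashlib
import re

# Matches each PEM certificate block in a concatenated CA bundle.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def fingerprints(pem_bundle):
    """Map SHA-256 fingerprint -> position in the bundle for each PEM block."""
    found = {}
    for index, match in enumerate(PEM_RE.finditer(pem_bundle)):
        # Fingerprint the decoded (DER) bytes so line wrapping does not matter.
        der = base64.b64decode("".join(match.group(1).split()))
        found[hashlib.sha256(der).hexdigest()] = index
    return found


def unexpected_roots(local_bundle, reference_bundle):
    """Return fingerprints trusted locally but absent from the reference."""
    local = fingerprints(local_bundle)
    reference = fingerprints(reference_bundle)
    extra = set(local) - set(reference)
    return sorted(extra, key=local.get)  # keep the local bundle's order


def _fake_pem(label):
    # Constructed stand-in: arbitrary bytes in a PEM wrapper, not a real cert.
    body = base64.encodebytes(label.encode()).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample data: the "local" store has one root the reference lacks.
REFERENCE = _fake_pem("public root A") + _fake_pem("public root B")
LOCAL = REFERENCE + _fake_pem("corporate inspection root")

if __name__ == "__main__":
    for fp in unexpected_roots(LOCAL, REFERENCE):
        print("not in reference bundle:", fp)
```

With real data, pass the text of the machine's CA bundle as `local_bundle`; any fingerprint it reports is a root that machine trusts and the reference does not.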