Security by using .net instead of .com
-
@Dashrender said:
There are no errors, etc. Just the user noticing the change.
Exactly. You train users to look for these kinds of things to know when they are being hijacked. It's a red flag. This trains them to ignore common security training and just accept dangerous things.
-
Wow...just wow.
I don't like sales people much.
And where do I have to click to get the redirect?
-
If you click on Employee (and probably Customer) on the left, you'll be redirected to the .net site with the logon page.
-
Yeah, I agree with you @Dashrender and @scottalanmiller
-
@Dashrender Got it. I have actually seen that a lot. They don't call it security per say, they usually justify the .net as the SSL site and the .com is the public facing site. Some think its security by obscurity (or is that absurdity?), others just want to keep things separate.
Although SSL on the whole site used to be something everyone avoided, Google has now suggested that all sites use SSL.
-
@technobabble said:
Although SSL on the whole site used to be something everyone avoided, Google has now suggested that all sites use SSL.
Everyone has been suggesting that now. For a while. To the point where even normal sites with no reason to need security are now recommended to start moving to full SSL. That's why the EFF is working on a free SSL cert authority to make that possible for everyone.
-
The reason you want anyone and everyone on the web to have an SSL to to prevent injection attacks, and hopefully some government snooping!
-
You don't care much about either of those things most of the time though. Banking, sure. Facebook, of course. Shopping, obviously. But just reading random news or whatever, the things that most of us do most of the time, it doesn't matter so much. If someone injection attacks me while browsing 9Gag or the government knows that I am reading about funny cat memes, doesn't concern too many people.
-
If there's no authentication, I suppose - but so many of those site do have authentication now days.
And why would you not care about injection attacks (drive by downloads) ?
-
@Dashrender said:
And why would you not care about injection attacks (drive by downloads) ?
Downloads of what? And are we really worried about people attacking from inside the ISP?
-
A sales person being wrong about something technical. I've never seen that before
