[tech] WebCT access now denied from wireless
David Adam
zanchey at ucc.gu.uwa.edu.au
Mon Oct 1 12:20:23 WST 2007
All requests to WebCT from UCC's wireless are now disallowed, and a
warning page displayed instead (this is implemented with a DNAT on the
firewall and an extra virtual host on Mussel).
WebCT does not use SSL to protect its authentication transactions, but
uses Pheme passwords, so we were allowing people to transmit their
password in the clear. This is a little irresponsible, so we're now
redirecting users to a copy of http://mussel.ucc.gu.uwa.edu.au/webct6/
(probably only visible on FREENETS).
This is a precursor to a general disclaimer which I'd like to place on the
wireless for all users, as many people are not aware of programs like
dsniff(1) or driftnet(1).
If there are other pages which allow you to submit your Pheme password in
the clear, please contact me (off list, duh) and we'll block those too.
David Adam
UCC Wheel Member
zanchey@
More information about the tech
mailing list