[lug] How do you keep your passwords safe while Paying bills and Day Trading at Work?

Nate Duehr nate at natetech.com
Tue Oct 7 17:11:07 MDT 2008

Ben wrote:

> Am I missing something? My understanding is that as long as the machine 
> you are using isn't compromised, and the server you are connected to 
> isn't hacked and it is using a certificate signed by a legit 3rd party, 
> there is  no need to worry about what's in between when using https.

Yep, you actually stated what you're missing.  All corporate machines 
these days ARE "compromised" -- most IT departments have full control 
over them and their filesystems/configurations.

If they have that, they can put fake top level keys, lower level keys... 
stuff that only the geekiest would bother to open and look at, since 
they could make it "just work" and no one would notice anything "broken" 
to report.


More information about the LUG mailing list