
Diff for "Info/Security"

Differences between revisions 2 and 4 (spanning 2 versions)
Revision 2 as of 2006-12-20 19:39:56
Size: 1733
Comment:
Revision 4 as of 2006-12-20 19:46:41
Size: 1853
Comment:
Line 1: Line 1:
#acl Known:read Default
Line 12: Line 13:
Firstly, all messages sent by me to users will always start with a ''personal'' greeting. It will say "Hi George" if your name is george, never trust emails from me without this personal greeting. Firstly, all messages sent by me to users will always start with a somewhat personal greeting. It will say "Hi Electron" if your nickname in the signup process was Electron. Never trust emails with a generic greeting if it contains any sensitive information or links to unknown webpages etc.
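
Review bot: In the revised sentence at Line 13, "if it contains" has the plural "emails" as its antecedent and should read "if they contain". The revision also narrows the rule: the earlier wording said never to trust an email without the personal greeting, while the new wording applies only when the mail carries sensitive information or links to unknown webpages, so consider stating explicitly how a mail with a generic greeting and neither of those should be treated.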

Security

Here you can find general information and pointers about security, both in general and for Blinkenshell specifically.

Passwords

Do not use the same password for your shell account as you use for other services, especially not services that communicate over non-secure protocols, like most connections via IRC.

Also, check out our password policy: PasswordPolicy

Phishing and trust

Phishing is starting to become a more prominent threat; therefore I've decided to make some policies about how communication with users regarding sensitive information (passwords) should be handled.

Firstly, all messages sent by me to users will always start with a somewhat personal greeting. It will say "Hi Electron" if your nickname in the signup process was Electron. Never trust emails with a generic greeting if they contain any sensitive information or links to unknown webpages etc.

Secondly, I will always send an OpenPGP signature with all my emails. If you do not know what OpenPGP is, you can read more about it at Wikipedia: http://en.wikipedia.org/wiki/OpenPGP

You can download my OpenPGP public key signature on my personal page: JohanMarcusson. You cannot fully trust this, however, since you downloaded it over the internet. But I'll make sure that no one else publishes an OpenPGP signature on this website trying to say it's mine.

Communication that is not regarding sensitive information like passwords might not be signed. Also, automatically sent information like the email activation step in the signup program does not currently send signed messages.

Lastly, I will never ask you to enter your password for the shell on any form on any website, especially not over a non-secure connection.
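
The greeting and signature rules above can be checked mechanically. The following is an added example, not part of the original page or Blinkenshell's own tooling: it reads the machine-readable status lines that `gpg --status-fd 1 --verify` prints and accepts a mail only if the signature comes from a fingerprint you confirmed out of band. The fingerprint, status lines and mail bodies are constructed placeholders, and the function names are hypothetical.

```python
import re

# Assumption: the admin's key fingerprint, confirmed out of band. Constructed placeholder.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signed_by_pinned_key(status_output, pinned_fpr=PINNED_FPR):
    """True only if gpg reported a valid signature made by the pinned key.

    status_output is the text printed by: gpg --status-fd 1 --verify mail.asc
    """
    matched = False
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in FAILURES:
            return False
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # fields[2] is the signing key; the last field is its primary key.
            if pinned_fpr.upper() in (fields[2].upper(), fields[-1].upper()):
                matched = True
    return matched

def greeting_matches(body, nickname):
    """True if the first non-empty line starts with 'Hi <nickname>'."""
    first = next((l.strip() for l in body.splitlines() if l.strip()), "")
    pattern = r"Hi\s+" + re.escape(nickname) + r"(?!\w)"
    return re.match(pattern, first, re.IGNORECASE) is not None

def triage(body, nickname, status_output):
    """Return the reasons not to trust a mail that touches anything sensitive."""
    reasons = []
    if not greeting_matches(body, nickname):
        reasons.append("generic or missing greeting")
    if not signed_by_pinned_key(status_output):
        reasons.append("no valid signature from pinned key")
    return reasons

# Constructed status output: one mail signed by the pinned key, one by some other key.
GOOD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Admin <admin@example.invalid>\n"
    "[GNUPG:] VALIDSIG " + PINNED_FPR + " 2006-12-20 1166643600 0 4 0 17 2 00 "
    + PINNED_FPR + "\n"
)
OTHER_KEY_STATUS = GOOD_STATUS.replace(PINNED_FPR, "F" * 40)

if __name__ == "__main__":
    print(triage("Hi Electron,\nmaintenance notice", "Electron", GOOD_STATUS))
    print(triage("Dear user,\nverify your account", "Electron", OTHER_KEY_STATUS))
```

The second case is the one the download caveat is about: a signature that verifies correctly but was made with a key other than the one you pinned is still rejected.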

Read more

http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html