Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Christopher J.Walker
said:
> Some time ago, I received the following e-mail:
>
> https://cic.gridops.org/index.php?section=rc&page=broadcastret
> rieval&step=2&typeb=C&idbroadcast=39741
>
> Which amounts to "please download and install this rpm from
> this url".
> Whilst this one looked genuine (as did your request). How
> should I know
> which requests are genuine, and which are not?
I've complained about this kind of thing many times over the years with
no effect - as always with security matters we don't take it seriously
unless we actually have an incident!
> Specifically, in the case of this e-mail, it came via
> engine29-1277-2.icritical.com
That's because stfc in its wisdom now sends all our mail, inbound and
outbound, via a commercial company to do virus and spam checking.
> That's useful. It is a pity that the CA isn't one of those in my
> browser/e-mail client by default - though I think that's
> another can of worms.
You should install the UK CA at least, and possibly the other grid CAs
as well. They are the basis for trust in the whole grid so as
individuals I think it's reasonable to trust them too!
Stephen
--
Scanned by iCritical.
|