Steven.Glogger_at_swisscom.com wrote:
> hi amos
>
>> Welcome to the world of security protection against man-in-middle
>> attacks (the correct name for 'transparent' interception proxy
>> mode).
>>
>> Windows Update requires a HTTPS authentication request to succeed
>> before it will update. The authenticator unconditionally verifies
>> the security certificates as all good browsers and web clients
>> should also be doing.
>>
>> ... catch my drift?
>
> yes, but normally some message is popping up to the customer saying:
> yeah dude, there's a certificate but it's wrong. you want me to do
Well, what would you expect a master-privilege background service with
zero user input access to do?
> something? but i see, i have to 'bypass' microsoft updates on the
> firewall instead of forwarding it the to proxy.... thats a hack, and
> i dont like hacks.. ,-(
>
> -steven
The biggest hack of all is the transparent proxy itself. :)
Followed closely by the 'okay' button which disables security in the web
browser every time the users click it and pass you their secure data.
Oh well, your choice, your problems.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1Received on Thu Jun 11 2009 - 16:08:03 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 11 2009 - 12:00:03 MDT