> On Tue, Feb 16, 2010 at 7:17 AM, Matus UHLAR - fantomas
> <uhlar_at_fantomas.sk> wrote:
> > Are you aware of all security concerns when intercepting HTTPS connections?
> >
> > ...I just wonder when will first proactive admin (or someone from his managers) sent
> > to prison because of breaking into users connections.
On 16.02.10 09:40, K K wrote:
> Laws vary by country. At least in the US, SSL-Intercepting admins are
> much more likely to face civil liability than any sort of criminal
> charge. So no prison, just bankruptcy.
IT highly depends on what will admin do with the data - if and what data
will leak out.
> With the requirement to load a public key on the machine being
> intercepted, generally this is only deployed in situations where the
> owner of the proxy also already "owns" the user machine.
I still would like to warn all admins of security breach using the sslbump
and legal or ethical risks of doing that.
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.Received on Thu Feb 18 2010 - 08:19:56 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 18 2010 - 12:00:06 MST