Conversation:
Notices
-
Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer)'s status on Thursday, 19-Feb-2015 07:56:10 EST 
Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
MITM cert software is all too common. There's a whole ecosystem of vendors selling MITM "solutions" to corporations. And since nobody ever checks the cert details when they're browsing with https, nobody realizes they've been compromised. Never do your banking from your employer's computer! The whole hierarchical PKI of certs, CAs and browsers is completely broken. !surveillance !security - Joshua Judson Rosen repeated this.
-
lnxw48 (Linux Walt) (lnxw48)'s status on Thursday, 19-Feb-2015 12:42:36 EST 
lnxw48 (Linux Walt)
@der @bobjonkman Not just your employer's computer. I used to get catalogs of MITM appliances sent to me at work. The vendors were targeting chains of #coffee shops and eateries that offered #WiFi access. I suspect you're being MITM'd every time you use Internet at a hotel, too. Joshua Judson Rosen repeated this. -
Joshua Judson Rosen (rozzin)'s status on Saturday, 21-Feb-2015 17:40:02 EST 
Joshua Judson Rosen
I've heard corporate IT types say "the fundamental underlying problem" with #endtoend !security is that it's secure end-to-end: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-3/123_security.html -
Joshua Judson Rosen (rozzin)'s status on Saturday, 21-Feb-2015 17:43:38 EST
Joshua Judson Rosen
@lnxw48, that's #disturbing. What's the rationale for coffee-shops #MITM'ing their clientele, anyway? -
lnxw48 (Linux Walt) (lnxw48)'s status on Saturday, 21-Feb-2015 17:45:44 EST
lnxw48 (Linux Walt)
@rozzin The vendors' main argument was legal compliance. Joshua Judson Rosen repeated this. -
MMN-o ✅⃠ (mmn)'s status on Saturday, 21-Feb-2015 18:22:38 EST 
MMN-o ✅⃠
@rozzin Yeah, it's a problem when something good is good.
All Hacker Poesy content and data are available under the