Discussion in 'privacy general' started by ronjor, Nov 8, 2005.
Doesn't this basically mean that SSL is broken?
An ISP can install something similar to this to view the contents of an SSL connection. Under the guise of protecting its customers it can gain valuable data mining resources of product purchases, etc.
Instead of installing a packet sniffer at some arbitrary midpoint, couldn't malcontents install something like this to scan inside SSL streams for credit card data?
As far as I'm concerned, SSL is broken.
How are we supposed to securely communicate with a website?
Good question. I have no answers.
I imagine this would do the same thing as Proxomitron with the SSL DLLs... your browser would pop up a warning saying that the certificate belongs to the proxy rather than the website.
Exactly. This is the same issue that was raised in the Dangers of HTTPS thread. Good to see some commercial vendors wake up to this issue.
Indeed. Paranoid2000 has been a tireless crusader since 2004 against the dangers of HTTPS. Kind of like Steve Gibson against spyware.
That's good to know that SSL is not broken.
I'll keep an eye on my certificates.
Each time I read that thread, I learn something new. That is the sign of a good thread. (Or maybe it's just a sign of my poor reading retention!)
They have a lot of info on this device at the BlueCoat site.
For those interested, this hardware proxy appliance (ProxySG) appears to be very capable and configurable. For SSL proxying, it seems to act like a man-in-the-middle attack but for the purpose of monitoring and scanning SSL streams for malware. This is great for corporations and companies who want to protect their network from threats hiding within SSL (as Paranoid2000's thread points out). But it's also good for preventing employees from bypassing company IT policy by using SSL.
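An added example, not part of the thread or of any vendor's code: one way to "keep an eye on certificates" when an SSL proxy re-signs traffic is to compare each site's certificate issuer against a baseline recorded on a clean network. The host names, CA names and the baseline itself are constructed for illustration; the certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: flag TLS certificates whose issuer differs from a recorded baseline.
from collections import Counter

def issuer_name(cert):
    """Flatten getpeercert()'s nested issuer tuples into a 'k=v, k=v' string."""
    return ", ".join(f"{k}={v}" for rdn in cert["issuer"] for k, v in rdn)

def find_interception(observed, baseline):
    """Return (changed, suspects).

    changed: host -> (expected issuer, observed issuer) for every mismatch.
    suspects: unexpected issuers that signed certificates for two or more hosts,
    which is what a re-signing proxy looks like from the client side.
    """
    changed = {}
    for host, cert in observed.items():
        seen = issuer_name(cert)
        expected = baseline.get(host)
        if expected is not None and seen != expected:
            changed[host] = (expected, seen)
    counts = Counter(seen for _, seen in changed.values())
    suspects = sorted(i for i, n in counts.items() if n >= 2)
    return changed, suspects

def _cert(cn, issuer_o, issuer_cn):
    # Constructed sample in getpeercert() format; not a real certificate.
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("organizationName", issuer_o),), (("commonName", issuer_cn),))}

# Constructed baseline recorded on a network known to be clean (hypothetical hosts and CAs).
BASELINE = {
    "shop.example": "organizationName=Example CA One, commonName=Example CA One Root",
    "bank.example": "organizationName=Example CA Two, commonName=Example CA Two Root",
    "mail.example": "organizationName=Example CA One, commonName=Example CA One Root",
}
# Constructed observations: two hosts now carry certificates signed by the same proxy CA.
OBSERVED = {
    "shop.example": _cert("shop.example", "Example Proxy", "Example Proxy Signing CA"),
    "bank.example": _cert("bank.example", "Example Proxy", "Example Proxy Signing CA"),
    "mail.example": _cert("mail.example", "Example CA One", "Example CA One Root"),
}

if __name__ == "__main__":
    changed, suspects = find_interception(OBSERVED, BASELINE)
    for host, (exp, seen) in sorted(changed.items()):
        print(f"{host}: expected [{exp}] but saw [{seen}]")
    print("issuers re-signing multiple hosts:", suspects)
```

This comparison still works where the proxy's CA has been installed in the client's trust store and the browser therefore shows no warning.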