Blue Coat to cleanse encrypted traffic

Discussion in 'privacy general' started by ronjor, Nov 8, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Story
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Doesn't this basically mean that SSL is broken?
    An ISP can install something similar to this to view the contents of an SSL connection. Under the guise of protecting its customers it can gain valuable data mining resources of product purchases, etc.
    Instead of installing a packet sniffer at some arbitrary midpoint, couldn't malcontents install something like this to scan inside SSL streams for credit card data?
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    As far as I'm concerned, SSL is broken. :D
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    This sucks.
    How are we supposed to securely communicate with a website?
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Good question. I have no answers. :ninja:
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I imagine this would do the same thing as Proxomitron with the SSL DLLs.. your browser would pop up a warning saying that the certificate belongs to the proxy rather than the website.
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Exactly. This is the same issue that was raised in the Dangers of HTTPS thread. Good to see some commercial vendors wake up to this issue.
     
  8. ~~~~

    ~~~~ Guest

    Indeed. Paranoid2000 has been a tireless crusader since 2004 against the dangers of HTTPS. Kind of like Steve Gibson against spyware.
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    That's good to know that SSL is not broken.
    I'll keep an eye on my certificates.
    Thanks Notok.
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Paranoid2000,
    Each time I read that thread, I learn something new. That is the sign of a good thread. (Or maybe it's just a sign of my poor reading retention! :D)
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    They have a lot of info on this device at the BlueCoat site.
    For those interested, this hardware proxy appliance (ProxySG) appears to be very capable and configurable. For SSL proxying, it seems to act like a man-in-the-middle attack but for the purpose of monitoring and scanning SSL streams for malware. This is great for corporations and companies who want to protect their network from threats hiding within SSL (as Paranoid2000's thread points out). But it's also good for preventing employees from bypassing company IT policy by using SSL.
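
Added example, not part of the thread and not Blue Coat code: a Python check that automates "keeping an eye on certificates" by comparing the certificate a client is actually shown against a fingerprint and issuer recorded earlier over a trusted path. Unlike the browser warning, it still reports a change when the proxy's CA has been added to the client's trust store. The host name, CA names and certificate bytes are constructed sample values.

```python
import hashlib
import socket
import ssl

def fetch_peer(host, port=443, timeout=5):
    """Return (parsed cert dict, DER bytes) for the certificate this client is shown.
    Raises ssl.SSLCertVerificationError if the issuer is not trusted at all,
    which is the programmatic form of the browser warning."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def flatten_name(name):
    """Flatten the nested-tuple name format returned by getpeercert()."""
    return {key: value for rdn in name for key, value in rdn}

def check_peer(cert, der, pinned_sha256, expected_issuer_cn):
    """Compare the presented certificate with values recorded on a trusted path.
    Returns a list of findings; an empty list means nothing changed."""
    findings = []
    if hashlib.sha256(der).hexdigest() != pinned_sha256:
        findings.append("fingerprint mismatch")
    issuer_cn = flatten_name(cert["issuer"]).get("commonName")
    if issuer_cn != expected_issuer_cn:
        findings.append("unexpected issuer: %s" % issuer_cn)
    return findings

# Constructed sample data (stand-in bytes, not real certificates).
SITE_DER = b"constructed-der-bytes-of-site-certificate"
PROXY_DER = b"constructed-der-bytes-of-proxy-minted-certificate"
PINNED = hashlib.sha256(SITE_DER).hexdigest()

DIRECT = {"subject": ((("commonName", "shop.example"),),),
          "issuer": ((("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA R1"),))}
# Same subject, but issued by the proxy's own CA, as an intercepting proxy presents it.
INTERCEPTED = {"subject": ((("commonName", "shop.example"),),),
               "issuer": ((("organizationName", "Example Corp IT"),),
                          (("commonName", "Example Corp Proxy CA"),))}

if __name__ == "__main__":
    print(check_peer(DIRECT, SITE_DER, PINNED, "Example Public CA R1"))
    print(check_peer(INTERCEPTED, PROXY_DER, PINNED, "Example Public CA R1"))
```

A fingerprint mismatch on its own also happens at routine certificate renewal; the issuer changing to a CA you did not expect is what points to a re-signing proxy on the path.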
     