Web Filtering

Lonnie Olson lists at kittypee.com
Fri Apr 5 12:45:05 MDT 2013


On Fri, Apr 5, 2013 at 12:28 PM, Barry Roberts <blr at robertsr.us> wrote:
> It's cake until you have to add that cert to your jvm keystore, and
> configure git to work when ssl certs don't match, and configure your
> package management, and so on, and so on.  Working for a large public
> company sucks sometimes (?).  Filtering employee web access is considered
> standard now.

Agreed.  It does suck.  Also even more worrisome is that this SSL MITM
filtering means it's possible and trivial for your company to log,
sniff, and eavesdrop on your private HTTPS connections, including your
banking info, private web mail sessions, etc.

My company has brought up the subject of enabling this feature several
times; I have to fight hard every time to prevent it.  So far I have
been successful.  Filtering unencrypted web sessions doesn't bother
me, but don't mess with SSL.  It breaks trust with users, opens new
holes in security, prevents true site verification, and is just plain
creepy (IANAL).

