John D Jones III unixgeek1972 at gmail.com
Fri Apr 5 15:25:54 MDT 2013

On 04/05/2013 12:45 PM, Lonnie Olson wrote:
> On Fri, Apr 5, 2013 at 12:28 PM, Barry Roberts <blr at robertsr.us> wrote:
> Agreed.  It does suck.  Also even more worrisome is that this SSL MITM
> filtering means it's possible and trivial for your company to log,
> sniff, and eavesdrop on your private HTTPS connections, including your
> banking info, private web mail sessions, etc.
> My company has brought up the subject of enabling this feature several
> times, I have to fight hard every time to prevent it.  So far I have
> been successful.  Filtering unencrypted web sessions doesn't bother
> me, but don't mess with SSL.  It breaks trust with users, opens new
> holes in security, prevents true site verification, and is just plain
> creepy (IANAL).

My two cents,
Once I discovered DansGuardian, I've never looked back. For the SSL-only
sites that have 'questionable' content, I don't sweat, cuz I just put
them in the bannedsitelist filter and forget about it. If it has evil,
then the good ain't worth it ;-) OpenDNS, however, is a good solution too;
both combined would be a killer tool.

John D Jones III
Perl/Javascript/Systemd Zealot
unixgeek1972 at gmail.com

