On 04/05/2013 12:45 PM, Lonnie Olson wrote: > On Fri, Apr 5, 2013 at 12:28 PM, Barry Roberts <[email protected]> wrote: > > Agreed. It does suck. Also even more worrisome is that this SSL MITM > filtering means it's possible and trivial for your company to log, > sniff, and eavesdrop on your private HTTPS connections, including your > banking info, private web mail sessions, etc. > > My company has brought up the subject of enabling this feature several > times, I have to fight hard every time to prevent it. So far I have > been successful. Filtering unencrypted web sessions doesn't bother > me, but don't mess with SSL. It breaks trust with users, opens new > holes in security, prevents true site verification, and is just plain > creepy (IANAL). > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ >
My two cents, Once I discovered DansGuardian, I've never looked back. for the SSL only sites that have 'questionable' content, I don't sweat, cuz I just put them in the bannedsitelist filter and forget about it.. if it has evil, then the good ain't worth it ;-) OpenDNS however is a good solution too, both combined would be a killer tool. -- John D Jones III Perl/Javascript/Systemd Zealot [email protected] http://www.zoelife4u.org/ /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
