HTTPS redirects to HTTP for monitoring

• Previous message (by thread): HTTPS redirects to HTTP for monitoring
• Next message (by thread): HTTPS redirects to HTTP for monitoring
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sunday, January 18, 2015, John Levine <johnl at iecc.com> wrote:

> >> So your idea is to block every HTTPS website?
> >From my point of view, it is better than violate user privacy & safety.
> >
> >Sneaky is evil.
>
> I expect your users would fire you when they found you'd blocked access to
> Google.
>
>
And they would sue you for gross negligence for decrypting their ssn when
access company  payroll and cpni data

>>> These boxes that violate end to end encryption are a great place for
> >>> hackers to steal the bank and identity info of everyone in your
> company.
>
> Since the end user machines are generally running Windows, why would bad
> guys
> waste time on a much harder and more obscure target?
>
>
Who said the mitm box was not running windows ?

That said, a properly admin'd win7 box is about as secure as any other end
station in my opinion. Yea, win2k and xp were a pain, msft has come a long
long way.

The same cannot be said for Adobe or Java.

CB

• Previous message (by thread): HTTPS redirects to HTTP for monitoring
• Next message (by thread): HTTPS redirects to HTTP for monitoring
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]