On 2015-11-22 5:25 PM, Mouse wrote:
https is supposed to prevent "man in the middle" attacks, provided you enfor$
That was the original theory, as I understand it.
But there are way too many "in most browsers by default" CAs that are
willing to sell wildcard certs such as can be used for MitM attacks
without disturbing cert validity checks. I even recall hearing of some
caching proxy (squid maybe?) that, out of the box, could use such a
Microsoft Forefront TMG maybe?
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within-forefront-threat-management-gateway-2010/
--Toby
cert to provide caching for HTTPS connections - they're that common.
...
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mo...@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
