On Thu, 26 Mar 2015 17:18 Reco <recovery...@gmail.com> wrote:

>
>  Hi.
>
> On Thu, 26 Mar 2015 12:44:11 -0700
> rog...@queernet.org <rog...@queernet.org> wrote:
>
> > On 3/26/15 12:42 PM, Michael Graham wrote:
> > > On 26 March 2015 at 14:18, Reco <recovery...@gmail.com> wrote:
> > >> Then it's even worse than I thought. I don't know about Germany, but
> > >> where I live tampering with public communications is considered a
> > >> criminal offense. I strongly suggest you seek legal advice before
> > >> doing anything like SSL bump.
> > > Just out of curiosity where do you live?  As MITM proxies in school/business
> > > seem to be pretty common in the US and the UK.
> > >
> >
> > I bet your proxy firewall does it too.
>
> Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
> preinstalled? That's very interesting to me as I'd like to know which
> hardware to avoid in the future.

It's way more common than you seem to think. CERT recently did a blog post
about it and it contains a list of both hardware vendors (like Bloxx and
Blue Coat) as well as commercial and free software.

http://www.cert.org/blogs/certcc/post.cfm?EntryID=221

Basically if you're selling a web filter or similar security device, you
let admins bump SSL.

Given how easy it is for those same admins to push the fake SSL CAs out
over Active Directory Group Policy, it's pretty much transparent to most
naive users, who don't understand the difference between https and http,
never mind trying to explain a MITM proxy with a fake root CA!

Cheers,
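
As an added example (not part of the original message or thread), one way to see which trusted roots on a Windows machine arrived through Group Policy, as described above, rather than with the operating system. The function name `Get-GpoDeployedRoot` is hypothetical, and only the machine-scope policy store is checked.

```powershell
# Added example. Root certificates distributed by Group Policy are stored under
# this policy key, one subkey per certificate, named by its SHA-1 thumbprint.
$GpoRootKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'

function Get-GpoDeployedRoot {
    # No policy key means no roots were pushed to this machine by Group Policy.
    if (-not (Test-Path -Path $GpoRootKey)) { return @() }

    foreach ($key in Get-ChildItem -Path $GpoRootKey) {
        $thumbprint = $key.PSChildName

        # Resolve the thumbprint in the logical Root store to get the parsed certificate.
        $cert = Get-Item -Path "Cert:\LocalMachine\Root\$thumbprint" -ErrorAction SilentlyContinue

        if ($null -eq $cert) {
            # Present in policy but not resolvable in the store: still report it.
            [pscustomobject]@{
                Thumbprint = $thumbprint
                Subject    = '(not resolvable in Cert:\LocalMachine\Root)'
                Issuer     = $null
                NotAfter   = $null
                SelfSigned = $null
            }
            continue
        }

        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            # A root CA is self-signed, so Subject and Issuer match.
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
        }
    }
}

# List every policy-deployed root so it can be compared against the CAs the
# organisation has documented for its inspecting proxy.
Get-GpoDeployedRoot | Sort-Object Subject | Format-Table -AutoSize
```

Any root listed here that is not a documented corporate or proxy CA is worth tracing back to the Group Policy Object that deployed it.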
