> On Tue, Feb 16, 2010 at 7:17 AM, Matus UHLAR - fantomas > <uhlar@xxxxxxxxxxx> wrote: > > Are you aware of all security concerns when intercepting HTTPS connections? > > > > ...I just wonder when will first proactive admin (or someone from his managers) sent > > to prison because of breaking into users connections. On 16.02.10 09:40, K K wrote: > Laws vary by country. At least in the US, SSL-Intercepting admins are > much more likely to face civil liability than any sort of criminal > charge. So no prison, just bankruptcy. IT highly depends on what will admin do with the data - if and what data will leak out. > With the requirement to load a public key on the machine being > intercepted, generally this is only deployed in situations where the > owner of the proxy also already "owns" the user machine. I still would like to warn all admins of security breach using the sslbump and legal or ethical risks of doing that. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
