[177416] in North American Network Operators' Group
Re: HTTPS redirects to HTTP for monitoring
daemon@ATHENA.MIT.EDU (Ca By)
Sun Jan 18 13:29:14 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <20150118181509.24102.qmail@ary.lan>
Date: Sun, 18 Jan 2015 10:29:05 -0800
From: Ca By <cb.list6@gmail.com>
To: John Levine <johnl@iecc.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Sunday, January 18, 2015, John Levine <johnl@iecc.com> wrote:
> >> So your idea is to block every HTTPS website?
> > From my point of view, it is better than to violate user privacy & safety.
> >
> >Sneaky is evil.
>
> I expect your users would fire you when they found you'd blocked access to
> Google.
>
>
And they would sue you for gross negligence for decrypting their SSN when
accessing company payroll and CPNI data.
> >>> These boxes that violate end to end encryption are a great place for
> >>> hackers to steal the bank and identity info of everyone in your company.
>
> Since the end user machines are generally running Windows, why would bad guys
> waste time on a much harder and more obscure target?
>
>
Who said the MITM box was not running Windows?
That said, a properly admin'd win7 box is about as secure as any other end
station in my opinion. Yea, win2k and xp were a pain, msft has come a long
long way.
The same cannot be said for Adobe or Java.
CB