[AusNOG] That list
Adrian Chadd
adrian at creative.net.au
Thu Mar 19 15:07:34 EST 2009
On Thu, Mar 19, 2009, John Lindsay wrote:
> On 19/03/2009, at 2:21 PM, Adrian Chadd wrote:
>
> > (URl filtering through HTTPS is doable and happening today. It
> > involves
> > breaking the SSL by loading the user browser with a cert the proxy can
> > auto generate a signed ssl certificate against. Evil, but doable.)
>
> Doable in the same way that having someone else open your mail and
> read it first is doable.
>
> A government mandated man-in-the-middle attack against SSL is just
> what Australia needs to improve economic efficiency and make life much
> easier for fraudsters.
Hey. I'm just pointing out where it -could- go. There's more than 0 ISPs
in specific markets who are doing this -right now-, not withstanding
the increasing numbers of corporates who are doing this through SOE builds.
Don't shoot the message delivery agent. :)
Adrian
More information about the AusNOG
mailing list