Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×
Security

Submission + - Ask Slashdot: Is HTTPS snooping becoming more acceptable? 4

jez9999 writes: "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Ask Slashdot: Is HTTPS snooping becoming more acceptable?

Comments Filter:
  • This is not an over reaction.
    HTTPS exists to enforce security.

    However, they can do whatever they like with their network, and with their software.

    For a start, the rules are:
    1) Never use your companies internet connection for anything that you wouldn't want your boss standing behind you to see

    2) Always use your own software where practical
    Portable Firefox?

    I am wondering if the company is opening itself up to lawsuits. In the case where their IT staff captured information, say a logon, and this information wa

    • by jez9999 (618189)

      Never use your companies internet connection for anything that you wouldn't want your boss standing behind you to see

      Snooping on HTTPS gives the company even more data than your boss looking over your shoulder would get, though. As well as the convenience of having a constant record of everything you did without having to physically be there all the time, they will see passwords whereas an onlooker wouldn't see the password because of the password field not showing letters.

The value of a program is proportional to the weight of its output.

Working...