Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - Microsoft TMG (OMG!) security (microsoft.com)

m2f2 writes: I was talking with a colleague of mine about the new incarnation of good ol' Microsoft ISA server, the TMG edition.

Browsing thru the filtering options I found this little gem (http://technet.microsoft.com/en-us/library/dd441053.aspx). To inspect https traffic, nothing better than generating your fake certificate in the name of the target site, acting as man-in-the-middle.
So when accessing www.yourbank.com you will be presented with a fake certificate issued by Microsoft TMG, Internet Explorer will trust it because signed by a CA in your trusted ring et voilà... your banking session ends — in cleartext — at proxy level.

Nice way to get sure that techies will do their ebanking at home.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft TMG (OMG!) security

Comments Filter:

UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn

Working...