Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - Microsoft TMG (OMG!) security (

m2f2 writes: I was talking with a colleague of mine about the new incarnation of good ol' Microsoft ISA server, the TMG edition.

Browsing thru the filtering options I found this little gem ( To inspect https traffic, nothing better than generating your fake certificate in the name of the target site, acting as man-in-the-middle.
So when accessing you will be presented with a fake certificate issued by Microsoft TMG, Internet Explorer will trust it because signed by a CA in your trusted ring et voilà... your banking session ends — in cleartext — at proxy level.

Nice way to get sure that techies will do their ebanking at home.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft TMG (OMG!) security

Comments Filter:

The trouble with money is it costs too much!