Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Microsoft TMG (OMG!) security (

m2f2 writes: I was talking with a colleague of mine about the new incarnation of good ol' Microsoft ISA server, the TMG edition.

Browsing thru the filtering options I found this little gem ( To inspect https traffic, nothing better than generating your fake certificate in the name of the target site, acting as man-in-the-middle.
So when accessing you will be presented with a fake certificate issued by Microsoft TMG, Internet Explorer will trust it because signed by a CA in your trusted ring et voilà... your banking session ends — in cleartext — at proxy level.

Nice way to get sure that techies will do their ebanking at home.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft TMG (OMG!) security

Comments Filter:

You know, Callahan's is a peaceable bar, but if you ask that dog what his favorite formatter is, and he says "roff! roff!", well, I'll just have to...