Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security

Submission + - Microsoft TMG (OMG!) security (microsoft.com)

m2f2 writes: I was talking with a colleague of mine about the new incarnation of good ol' Microsoft ISA server, the TMG edition.

Browsing thru the filtering options I found this little gem (http://technet.microsoft.com/en-us/library/dd441053.aspx). To inspect https traffic, nothing better than generating your fake certificate in the name of the target site, acting as man-in-the-middle.
So when accessing www.yourbank.com you will be presented with a fake certificate issued by Microsoft TMG, Internet Explorer will trust it because signed by a CA in your trusted ring et voilà... your banking session ends — in cleartext — at proxy level.

Nice way to get sure that techies will do their ebanking at home.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft TMG (OMG!) security

Comments Filter:

"'Tis true, 'tis pity, and pity 'tis 'tis true." -- Poloniouius, in Willie the Shake's _Hamlet, Prince of Darkness_

Working...