Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security

Submission + - Ask Slashdot: Is HTTPS snooping becoming more acceptable? 4

jez9999 writes: "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Ask Slashdot: Is HTTPS snooping becoming more acceptable?

Comments Filter:
  • This is not an over reaction.
    HTTPS exists to enforce security.

    However, they can do whatever they like with their network, and with their software.

    For a start, the rules are:
    1) Never use your companies internet connection for anything that you wouldn't want your boss standing behind you to see

    2) Always use your own software where practical
    Portable Firefox?

    I am wondering if the company is opening itself up to lawsuits. In the case where their IT staff captured information, say a logon, and this information wa

    • by jez9999 ( 618189 )

      Never use your companies internet connection for anything that you wouldn't want your boss standing behind you to see

      Snooping on HTTPS gives the company even more data than your boss looking over your shoulder would get, though. As well as the convenience of having a constant record of everything you did without having to physically be there all the time, they will see passwords whereas an onlooker wouldn't see the password because of the password field not showing letters.

If the facts don't fit the theory, change the facts. -- Albert Einstein

Working...