Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Submission + - Ask Slashdot: Is HTTPS snooping becoming more acceptable? 4

jez9999 writes: "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Ask Slashdot: Is HTTPS snooping becoming more acceptable?

Comments Filter:
  • This is not an over reaction.
    HTTPS exists to enforce security.

    However, they can do whatever they like with their network, and with their software.

    For a start, the rules are:
    1) Never use your companies internet connection for anything that you wouldn't want your boss standing behind you to see

    2) Always use your own software where practical
    Portable Firefox?

    I am wondering if the company is opening itself up to lawsuits. In the case where their IT staff captured information, say a logon, and this information wa

    • by jez9999 ( 618189 )

      Never use your companies internet connection for anything that you wouldn't want your boss standing behind you to see

      Snooping on HTTPS gives the company even more data than your boss looking over your shoulder would get, though. As well as the convenience of having a constant record of everything you did without having to physically be there all the time, they will see passwords whereas an onlooker wouldn't see the password because of the password field not showing letters.

No hardware designer should be allowed to produce any piece of hardware until three software guys have signed off for it. -- Andy Tanenbaum

Working...