YES! Tell this to the RIAA so they can go bully AT&T, Comcast, &c. instead of nine-year-old girls. Oh, wait.
> it can just drop it if people start playing games
If it can see that people started playing games. Years pass before this kind of traffic is detected as "suspicious":
<[[CDATA[>packet contents for the reply<]]]>
And, as I said, banks Do Not Want you to MITM their https connections. They *will* start challenging client certificates if it comes to that, because they can't afford the risk otherwise.
HTTPS interception in Nokia's mobile browser
Posted Jan 29, 2013 12:40 UTC (Tue) by nim-nim (subscriber, #34454)
> YES! Tell this to the RIAA so they can go bully AT&T, Comcast, &c. instead
> of nine-year-old girls. Oh, wait
Actually, this is another reason why proxy interception exists in the workplace, as some users are too dumb not to engage in law-breaking activities there. That does not make company lawyers laugh a little bit.
>> it can just drop it if people start playing games
> If it can see that people started playing games.
People will only invest in specific filtering rules if they are worth the bother. Your example is not widespread, therefore it is not worth detecting so far.
> And, as I said, banks Do Not Want you to MITM their https connections.
And as I wrote before, such claims are worthless without any hard data to back them up. Show us a single case involving banks and proxies and we can talk.
Posted Jan 29, 2013 13:24 UTC (Tue) by khim (subscriber, #9252)
> Show us a single case involving banks and proxies and we can talk.
A few banks I've worked with never supported HTTPS as a means to secure transactions - exactly because they can be hijacked so easily. They either offered their own programs or separate devices to sign the transactions. What's surprising is that these Internet-disconnected devices are making a comeback: I know they were recently reintroduced at least in Raiffeisen.
Does it look like endorsement of MITM-in-https to you?
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds