Ask Slashdot: What's Your Take On HTTPS Snooping?
First time accepted submitter jez9999 writes "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"
I've actually been at a company which physically removed all USB plugs (and other external connections) from computers, wired up a single network cable internally and after that actually welded the case shut. All those systems were on an isolated network and monitored constantly. If you'd cut the network cable, somebody would come down to take a look at what you were up to. They also had armed guards and would lock down the entire site (physically) when anything slightly suspicious happened. They would also go through your bags, etc.
I had no problem working there, because it was all justified. I also would definitely quit a company if I found out they were running an SSL proxy without telling this upfront. I also might quit a company which is upfront about it but doesn't have a proper justification for measures like that.
Security also is a compromise. Most companies don't need that sort of security; they just need protection against stupid people doing stupid things. Depending on what you're trying to accomplish and what you're protecting, an SSL proxy can be the right thing to do. But indeed, you shouldn't believe it will protect you against every possible data leak.
I know what you mean. Personally, I'm disgusted that my decadent coworkers don't even understand how fortunate they are that our glorious <strike>Lord</strike>employer even has running water at work, let alone allows them such outrageous luxuries as furniture and air conditioning.
The sense of entitlement in the modern worker is out of control. I've heard some of them believe they should be provided not only toilets, but toilet paper, without any stipend being taken from their wage at all!
But do you know everybody that works at IT?
Not since the call center was outsourced to India...
I agree. And just for extra measure, don't do personal banking from your home PC unless it's housed in a windowless room with concrete walls that are at least 4 inches thick.
Dude, that means 80% of the /. user base is covered.