Andy Walker wrote:

> Nomen Nescio wrote:
>
> >No, Tor doesn't change the fact that SSL has safeguards against MITM
> >attacks built into it. You're misunderstanding something you've read,
> >and you're spreading FUD as a result.
>
> Guess again skippy, we do it in-house to scan SSL sessions for data
> leaks and malicious content.


With the proxy running under the 5 versions outdated installation of PHP
you're still using? ;-)

Here's a clue: It doesn't work. Not without exerting physical control
over client softwares and the certificates they accept it doesn't
anyway. You conveniently left that part out, the part about you
mandating security policies, or you're just flat out flinging lies
hoping something will stick.

If you own the client you can make it do anything you want just like
inattentive users can. Accept any bogus certificate you offer, skip any
and all security checks, etc. And it's trivial to proxy SSL connections
themselves. You can even block connections you can't monitor so that
you force your users to use your certificates even if they do figure
out how to reset your broken security to defaults.

Hell, for that matter, readers can use something as simple as stunnel to
proxy SSL certificates locally and do the exact same thing as an
experiment, using a certificate they created themselves and manually
authorized in some client. Works just the same.

Of course not one bit of any of that has anything at all to do with the
subject at hand, so all you've really done here is yap about nothing of
any import. We're not talking about local network administrators
auditing and controlling installed software. Now are we? Hmmmmm??
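
The point argued above, that a certificate you created yourself only works in a client that has been told to trust it, can be checked offline with the openssl CLI. This is an added example, not part of the original post; the CA name, host name and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: a leaf certificate signed by a locally created CA is
# rejected under default trust and accepted only once that CA is supplied.
# "Constructed Inspection CA" and "intranet.example.test" are made-up names.

make_pki() {
    # $1 = working directory; creates a private CA and a leaf signed by it.
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Inspection CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=intranet.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
}

# What an unmodified client does: validate against the system trust store.
verify_default() { openssl verify "$1/leaf.pem" >/dev/null 2>&1; }

# What a client does after someone installed the private CA as trusted.
verify_with_ca() { openssl verify -CAfile "$1/ca.pem" "$1/leaf.pem" >/dev/null 2>&1; }

# The issuer field names the private CA, which is how a user or auditor
# can tell that the presented certificate came from a local proxy.
issuer_of() { openssl x509 -in "$1/leaf.pem" -noout -issuer; }

tmp=$(mktemp -d)
make_pki "$tmp" || { echo "openssl failed" >&2; exit 1; }
if verify_default "$tmp"; then echo "default trust: ACCEPTED"
else echo "default trust: rejected"; fi
if verify_with_ca "$tmp"; then echo "private CA trusted: accepted"
else echo "private CA trusted: REJECTED"; fi
issuer_of "$tmp"
rm -rf "$tmp"
```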