[cryptography] trustwave admits issuing corporate mitm certs

dan at geer.org dan at geer.org
Mon Feb 13 15:39:51 EST 2012


 > Not really tough.  A good policy is: don't allow personal use of the
 > corporate network.  No gmail.  No yahoo.  No employee-owned devices.
 > No shopping.  No nothing.  Allow HTTPS only to white-listed sites
 > (e.g., vendor software update services, a github or a sourceforge, if
 > the company uses open source projects, and so on).

So, this Times article suggests hygiene if one goes to China/Russia

http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html

and the question might be what is the probability of similar issues
in, say, conference hotels in US resort cities?  If not now, when?

Just sayin'

--dan




More information about the cryptography mailing list