[cryptography] trustwave admits issuing corporate mitm certs

dan at geer.org
Mon Feb 13 15:43:08 EST 2012


 > This response is off-topic, but as much as I agree with this, I also
 > think that it is totally unrealistic. Why? Because there is a ground
 > swell of BYOD at companies and for the most part, it seems to be
 > being pushed, not by the techies, but rather by the upper level
 > executives. And when it gets right down to it, it's hard to tell your
 > CEO or CFO that they may not bring their iPad2 to the office and
 > connect to the company network, or connect it to the internal
 > company network through a VPN when they are off-site. So you
 > had better find a way for them to do it safely and securely or you
 > will find yourself looking for another job. So we need to find
 > a way to deal with it as it's only going to get worse.

Two refs, one confirmed, one hearsay

1. J. Beeson, CISO, GE Capital has a standard stump speech,
"I don't buy your shoes, why should I buy your computer?"

2. Sec. Napolitano is said to have bought the iPad she is
regularly seen with using her own money.

--dan



