Wed Feb 22 22:28:26 CET 2006



Found a PDF where an admin describes an intrusion into his
system, and what he did about it. Nothing revolutionary in his
methods, but it was nonetheless interesting to see how he
dealt with it. (http://www.rosiello.org/modules/smartsection/item.php?itemid=23).

Another interesting article, this one dealing with
SSL. Apparently this company has a product which, when placed
between the corporate intranet and the rest of the world, can
act as a proxy for SSL. Here
is a PDF describing what they do, in corporate speak. 

It seems they reissue the target site's certificate under the client
corporation's own intranet CA, so that the client machines
inside the network get tricked into thinking that they have a
nice SSL tunnel from themselves to the target host. In reality
this tunnel is actually terminated at the proxy, where lots of
scanners can take a look at the contents of the TCP
sessions. Afterwards they put the data they looked at into
another SSL tunnel to the target system.
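
From inside such a network the reissued certificate still validates, because the intranet CA is in the clients' trust store. What gives it away is the issuer. The sketch below is an added example, not anything from the vendor's PDF: it compares the certificate a client is served with a reference recorded from outside the network. The CA names, the placeholder certificate bytes and the helper names are all constructed for illustration.

```python
import hashlib
import socket
import ssl


def issuer_org(cert):
    """Pull organizationName out of the nested RDN tuples in getpeercert()."""
    fields = {k: v for rdn in cert.get("issuer", ()) for (k, v) in rdn}
    return fields.get("organizationName", "")


def observe(host, port=443, timeout=5):
    """Fetch the leaf certificate this machine is actually served for host."""
    ctx = ssl.create_default_context()  # validates against the local trust store
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()


def classify(seen_der, seen_cert, reference):
    """Compare the served certificate with a reference taken off-network.

    Returns 'match', 'rotated' (new leaf, same issuer) or 'reissued'
    (different issuer: what an SSL-terminating proxy produces).
    """
    if issuer_org(seen_cert) != reference["issuer_org"]:
        return "reissued"
    if hashlib.sha256(seen_der).hexdigest() != reference["sha256"]:
        return "rotated"
    return "match"


# Constructed sample data: placeholder bytes stand in for DER certificates.
ORIGIN_DER = b"constructed-leaf-from-public-ca"
PROXY_DER = b"constructed-leaf-from-intranet-ca"
REFERENCE = {"sha256": hashlib.sha256(ORIGIN_DER).hexdigest(),
             "issuer_org": "Example Public CA"}
PUBLIC = {"issuer": ((("organizationName", "Example Public CA"),),)}
INTRANET = {"issuer": ((("organizationName", "Example Corp Intranet CA"),),)}

if __name__ == "__main__":
    print(classify(ORIGIN_DER, PUBLIC, REFERENCE))
    print(classify(PROXY_DER, INTRANET, REFERENCE))
```

Against a live host, pass the two values returned by `observe()` to `classify()` along with a reference captured from a connection that does not go through the proxy.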

Ugh. A despicable tool.

Won't take long before this is implemented at most
megacorps, including where I work.