Hacker News new | ask | show | jobs
What do I tell the average Internet user about this?
4 points by Diogenes 5930 days ago
Here: http://techdirt.com/articles/20100325/0403568713.shtml

And the offending appliance: http://www.wired.com/threatlevel/2010/03/packet-forensics/

I've got hundreds of clients who use the Internet, but are not - as we would say - Internet savvy. What do you think I should tell them (and what will you tell YOUR customers) when the idea that ANY government agency can spy on supposedly "secure" connections hits the mainstream? I have some ideas, but you, my colleagues and superiors frequenting HN, must have some more insight...
1 comments
apowell 5929 days ago
If I'm missing something, please tell me -- but the whole scheme relies on obtaining a fake SSL certificate. This type of attack has always been possible with a fake SSL cert. I don't see how this little blue box changes anything.
link
Diogenes 5929 days ago
It seems to me that one of the primary problems is that law enforcement agencies don't need a warrant or subpoena for the SSL certificate. Where's the accountability?
link
apowell 5929 days ago
Agreed, but again, what's changed? This problem has always existed, and it's getting some airtime now because someone made a little blue box to that makes it a bit easier to configure.
link