by alexvoda
1347 days ago
Shouldn't HTTPS prevent this unless the client has the certificate of the MITMer installed? This being security theatre, it is entirely plausible that the "security" proxy actually decrypted traffic and required the user to have the certificate installed.
https://news.ycombinator.com/item?id=33095888
> I work at a government agency and here are my tales.
> 1) They install a root certificate on all machines and use that to MITM all TLS connections using a firewall appliance. They turn this MITM on one day without notifying any developer. Overnight, all our builds (run on-prem) fail because npm install, pip install etc fail and we spent a long time trying to figure it out. They are still failing to this day and I have to get off the VPN every time I need to run these simple commands. IT absolutely doesn't give a flying * about developers.