[atamyrat]

> Remember most of these do intercept -- they have an SSL CA cert which is trusted by all your business client devices, to do MITM. So, if you pwn the box, you can pwn all the SSL traffic at the target company, too. It's an excellent place to attack.

I really hope this certificate is not installed/trusted by default on major browsers. Can somebody confirm it?

EDIT:

https://www.barracudanetworks.com/news/press_release/33

"Transparent deployment of this enhanced SSL Inspection feature requires deployment of a trusted root certificate on client Web browsers."

[lawnchair_larry]

No, the way these work is your IT deploys the internal CA cert as trusted on all systems in the enterprise.

[alistair77]

I believe IE and Chrome use the operating systems list of certs. So your corporate IT dept can deploy the trusted certificates pretty easily. Firefox has it's own list of certificates so in theory is less susceptible to these corporate MITM attacks.