Note that the Security Community in general considers this a "big security blunder". However, of special note, is the following quote:
"A fraudulent ad server using HTTPS. We were basically blind to it," he says.
Question - are you still putting off HTTPS Decryption? Wouldn't it be nice if you had Security Controls with visibility into your encrypted traffic and that ongoing attack??
Response - Yes, HTTPS Decryption and proxies in general can be complex... but ESPO Systems can help you with our Best Practices. :-) An additional advantage to consider, as identified within another story running on Dark Reading regarding questionable CAs, found here, is easily addressed when you have a Websense Proxy and thereby have a central location to control CAs:
No comments:
Post a Comment