Bah, every real hacker, and presumably everyone worried enough about masking their network traffic at work, knows how to establish an SSH tunnel to a trusted server, which is then used to proxy all traffic to the desired sites, by way of a 1024-bit or higher true crypto algorithm. Web SSL is for wussies, and anyone using it deserves to be monitored. And for those companies who restrict ssh ports, go ahead and use web ssl, but download one of those nifty tunnelers that throws highly-encrypted packets through the tunnel, because no off-the-shelf product is going to crack a 1024+ bit symmetric key.
WT | 07.03.06 - 5:41 pm | #

How do you spoof the server side cert if the browser does not use the Windows cert store? Like Firefox or Opera?
Siddhartha Jain | 08.05.08 - 6:27 pm | #