[ISN] Tech Insight: HTTPS Is Evil

http://www.darkreading.com/authentication/167901072/security/privacy/229301300/tech-insight-https-is-evil.html

By Adam Ely
Contributing Writer
Darkreading 
Mar 23, 2011 

Last week, Twitter joined Facebook and other social networks in a 
default HTTPS option to help protect the privacy of users on its site. 
Many believe the author of FireSheep is to thank for pushing HTTPS 
support up the priority list for social networks.

With the new HTTPS setting, millions of people are now able to protect 
their private -- and not so private -- postings from prying eyes on 
airplanes, at coffee shops, or anywhere else they might browse their 
favorite social network sites. Facebook was cheered by the security 
community for finally taking this fundamental step in protecting the 
sessions and data of users.

Enterprise IT organizations, on the other hand, aren't so sure about the 
new security measures. Their first question: How do you monitor what's 
coming in and out of the corporation if all of the transports are 
encrypted?

The perils of social networks have been researched and reported many 
times. The reality is that any transport method out of an organization 
-- whether via physical media or private message in a social network -- 
is a potential avenue for data leakage. When these avenues become 
encrypted, security staff lose the ability to monitor these sessions and 
understand what's going out the door. Essentially, the increased client 
security of these websites decreases the enterprise security response 
capabilities of those tasked with protecting corporate data.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/