Here: http://techdirt.com/articles/20100325/0403568713.shtml<p>And the offending appliance: http://www.wired.com/threatlevel/2010/03/packet-forensics/<p>I've got hundreds of clients who use the Internet, but are not - as we would say - Internet savvy. What do you think I should tell them (and what will you tell YOUR customers) when the idea that ANY government agency can spy on supposedly "secure" connections hits the mainstream? I have some ideas, but you, my colleagues and superiors frequenting HN, must have some more insight...
If I'm missing something, please tell me -- but the whole scheme relies on obtaining a fake SSL certificate. This type of attack has always been possible with a fake SSL cert. I don't see how this little blue box changes anything.