Episode 30: SSL Inspection and Interception: Uses, Abuses and Trade-offs

The Payment Card Industry recently passed a deadline requiring that all e-commerce sites and merchants cease supporting TLS 1.0. With this and older protocols such as SSL vulnerable to man-in-the-middle attacks, the fear is that attackers can intercept and tamper with data being sent across these channels. However, SSL interception is also performed by organizations for reasons that include blocking malware or improving data leakage prevention. Richard Gold and Simon Hall join Rafael Amado to discuss how SSL interception works, the different reasons for deploying it, the risks and privacy ramifications of interception, and the overall trade-offs for organizations looking to implement these methods.