SSL - a hole in your company's security?

Following on from my comments about Easynews' introduction of Secure Sockets Layer (SSL) access to its Usenet file scoop-upper and download service, I was intrigued to hear about a warning on SSL from Blue Coat Systems.

According to Blue Coat, encrypting Web traffic helps to protect privacy and secure transactions, but it can also provide a cover for viruses, spyware and other pests trying to get into a corporate network.

The problem, the firm says, is that SSL provides an encrypted tunnel that lets malicious code and phishing sites by-pass most network security methods.

Because of the security risk that SSL poses, Blue Coat says it has updated its proxy product, ProxySG, to eliminate the `blind spot' in network security.

A pal of mine uses Easynews' SSL service when he's downloading at client premises, if only to keep nosey parker IT managers out of the frame.

The big question is - how many firms have the capability of snooping into SSL transmissions? Not many, I'll wager.

Judging from what Blue Coat says, SSL could be a mighty big security hole in many company's network systems.

Or have I got it all wrong?