m2f2 (1420929) writes "I was talking with a colleague of mine about the new incarnation of good ol' Microsoft ISA server, the TMG edition.
Browsing thru the filtering options I found this little gem (http://technet.microsoft.com/en-us/library/dd441053.aspx). To inspect https traffic, nothing better than generating your fake certificate in the name of the target site, acting as man-in-the-middle.
So when accessing www.yourbank.com you will be presented with a fake certificate issued by Microsoft TMG, Internet Explorer will trust it because signed by a CA in your trusted ring et voilà... your banking session ends — in cleartext — at proxy level.
Nice way to get sure that techies will do their ebanking at home."
Link to Original Source