Some companies run boxes that intercept outgoing TLS/SSL connections, by using their own certificates that employees’ machines are configured to accept, in order to enforce policies on access to outside sites. Trouble is, many of these boxes introduce their own vulnerabilities into the system, by allowing new kinds of attacks from outside. <https://www.theregister.co.uk/2017/03/17/are_you_undermining_your_web_security_by_checking_on_it_with_the_wrong_tools/>