A few days ago the videos of the Rooted CON 2012 were published, a conference that takes place every year in Spain. I was looking at one of the presentations given by Chema Alonso and Manu The Sur, both security specialists from the company Informtica 64.
Of course, all of this was done without malicious intentIn addition, it was the users themselves who intentionally connected to their server to navigate. During the experiment they found very curious and even cyber criminals who used the proxy to do their thing.
At the end of the presentation, they perform a live demo so that the risks of the attack are better understood:
Finally, for those who want to learn more… Chema has published on his blog a series of 5 articles that explain in detail everything done in the experiment. Very good!