Jump to content



Photo
checkinside

  • Please log in to reply
11 replies to this topic

Poll: Are you being eavesdropped on?

Are you being eavesdropped on?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 21 January 2014 - 16:03

Is your employer, school, or Internet provider eavesdropping on your secure connections?

b36v.jpg

 

This thread is not meant in anyway to bypass Internet monitoring but just let you know if any is going on.

 

https://www.grc.com/fingerprints.htm




#2 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 22 January 2014 - 01:10

This is just probably going to be another: no-one is being eavesdropped on thing since it requires the attacker to install forged certs and put a bit of effort in. Unless your computer is locked down and not managed by you, it's unlikely that you wouldn't eventually notice since using anything that didn't trust the forged cert would instantly warn you that something was wrong.



#3 TPreston

TPreston

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Enterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520

Posted 22 January 2014 - 01:22

^ It can be done without any warnings in the browser, All you need is an enterprise ca and a https proxy like tmg

#4 +LogicalApex

LogicalApex

    Software Engineer

  • Tech Issues Solved: 8
  • Joined: 14-August 02
  • Location: Philadelphia, PA
  • OS: Windows 7 Ultimate x64
  • Phone: Nexus 5

Posted 22 January 2014 - 01:26

I don't see how this can be extrapolated to the ISP level... This tool seems to be attempting to scare people more than needed.

 

^ It can be done without any warnings in the browser, All you need is an enterprise ca and a https proxy like tmg

Wouldn't this still require the Enterprise CA to be added to the browsers list of trusted root stores?

 

I mean if SSL was trivially susceptible to MITM attacks we wouldn't be relying on it...



#5 TPreston

TPreston

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Enterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520

Posted 22 January 2014 - 01:31

Yeah it needs to be in their trusted root sore (automatically done if its a ad cert services enterprise ca)

#6 Enron

Enron

    Windows for Workgroups

  • Tech Issues Solved: 1
  • Joined: 30-May 11
  • OS: Windows 8.1 U1
  • Phone: Nokia Lumia 900

Posted 22 January 2014 - 01:34

Poll option missing, Yes: NSA



#7 +LogicalApex

LogicalApex

    Software Engineer

  • Tech Issues Solved: 8
  • Joined: 14-August 02
  • Location: Philadelphia, PA
  • OS: Windows 7 Ultimate x64
  • Phone: Nexus 5

Posted 22 January 2014 - 01:34

Yeah it needs to be in their trusted root sore (automatically done if its a ad cert services enterprise ca)

Yeah, but if you're in an AD environment why would you assume that any of the communications are private? Using a work computer is the same as using a public computer... You shouldn't expect that there isn't someone listening in on the system as you have no idea what is running on it. It could have a keylogger buried in a rootkit... Skipping the whole MITM SSL issues altogether...



#8 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 22 January 2014 - 01:35

Wouldn't this still require the Enterprise CA to be added to the browsers list of trusted root stores?

 

I mean if SSL was trivially susceptible to MITM attacks we wouldn't be relying on it...

Yup, that was entirely the point :laugh:, it'd be something likely discovered if you had any unmanaged computers on the network for that reason

 

 

Yeah, but if you're in an AD environment why would you assume that any of the communications are private? Using a work computer is the same as using a public computer... You shouldn't expect that there isn't someone listening in on the system as you have no idea what is running on it. It could have a keylogger buried in a rootkit... Skipping the whole MITM SSL issues altogether...

 

Or a remote viewer for snooping (I know for a fact a few of the national labs do this). Hardily need to forge certs ;-)



#9 Torolol

Torolol

  • Joined: 24-November 12

Posted 22 January 2014 - 01:38

its still possible to do MITM if the CA was compromised.
for example in 2001 VeriSign (CA) did issuing TWO fraudulent "Microsoft" certificates,
which prompt Microsoft to add those certificates into Untrusted Publisher category in IE certificates list.

#10 Praetor

Praetor

    ASCii / ANSi Designer

  • Tech Issues Solved: 4
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 22 January 2014 - 01:48

Yup, that was entirely the point :laugh:, it'd be something likely discovered if you had any unmanaged computers on the network for that reason

 

 
 

Or a remote viewer for snooping (I know for a fact a few of the national labs do this). Hardily need to forge certs ;-)

 

the quickest way for anyone on a domain to know if their communications are being eavesdropped is to surf a bunch of transsexual, one-handed, lesbian, big boobs midget pron and notice if the administration or the IT guys start viewing you in a "different" way; if yes then you are being observed. :laugh: :rofl:



#11 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 22 January 2014 - 01:52

the quickest way for anyone on a domain to know if their communications are being eavesdropped is to surf a bunch of transsexual, one-handed, lesbian, big boobs midget pron and notice if the administration or the IT guys start viewing you in a "different" way; if yes then you are being observed. :laugh: :rofl:

From what I heard, people would search for c-string a lot and end up with something they weren't looking for...  :cool:



#12 Praetor

Praetor

    ASCii / ANSi Designer

  • Tech Issues Solved: 4
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 22 January 2014 - 02:00

From what I heard, people would search for c-string a lot and end up with something they weren't looking for...  :cool:

 

once i was searching in Google for "beaches" so i could setup my wallpaper... it didn't end well (safe search didn't exist back then). :laugh: