eavesdropping?

Discussion in 'Computer Security' started by macarro, Dec 13, 2006.

  1. macarro

    macarro Guest

    Hello,

    I am trying to access a secure website (https) from my workplace, I use
    Firefox2 running from a USB for that, the problem is that the browser
    complains that the site certificate does not match with the site name
    and in looking at it closer I see this:

    "Common Name: localhost.localdomain
    Organization: SomeOrganization
    Serial number: 00"

    And so on, is it possible the administrator of the network I am using is
    eavesdropping on my https connexions? And if that is the case, can I get
    around this?

    Needless to say that I have rejected such certificate.




    --
    mapping the internet 24/7 http://www.netdimes.org
     
    macarro, Dec 13, 2006
    #1

  2. macarro wrote:

    > I am trying to access a secure website (https) from my workplace, I use
    > Firefox2 running from a USB for that, the problem is that the browser
    > complains that the site certificate does not match with the site name
    > and in looking at it closer I see this:
    >
    > "Common Name: localhost.localdomain
    > Organization: SomeOrganization
    > Serial number: 00"
    >
    > And so on, is it possible the administrator of the network I am using is
    > eavesdropping on my https connexions?


    Well, not yet. You have to accept the spoofed certificate first. :)

    > And if that is the case, can I get around this?


    You'd need a tunnel that doesn't get actively modified. Hardly achievable
    without installing specialized software, which is most likely prohibited as
    well.

    > Needless to say that I have rejected such certificate.


    Of course, just look at the ON and the Serial#. The CN doesn't seem that
    reasonable either. I'd say the admin is competent enough to install
    something to intercept SSL connections, but not quite competent to actually
    create some reasonable certificate which clearly points out that purpose.

    At any rate, even if you accepted a valid certificate, you wouldn't be
    much better off, as the admin has control over the machine, he can log and/or
    modify all input and output, including keystrokes. Thus, it's never a good
    idea to do sensitive stuff on non-trusted machines.
     
    Sebastian Gottschalk, Dec 13, 2006
    #2
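Added example, not part of any post in this thread: a small Python check for the anomalies discussed above (a name that does not match the site, placeholder subject values, a serial number of zero), run on the fields quoted in the first post. The field names, the placeholder set, the `ORDINARY` sample and the site name `www.example.com` are assumptions made for the illustration.

```python
# Added example: checks for the certificate anomalies discussed in this thread.
# Works on fields copied from the browser's certificate viewer; no network I/O.

# Assumption: strings treated as generic placeholders rather than real identities.
PLACEHOLDERS = {"localhost", "localhost.localdomain", "someorganization"}

def hostname_matches(pattern, hostname):
    """Compare a certificate name with the visited host, label by label.
    A leading '*' stands for exactly one label and needs two fixed labels after it."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def certificate_red_flags(cert, hostname):
    """Return the reasons this certificate should not be trusted for hostname."""
    flags = []
    names = cert.get("subject_alt_names") or [cert.get("common_name", "")]
    if not any(hostname_matches(n, hostname) for n in names):
        flags.append("name-mismatch")
    for field in ("common_name", "organization"):
        if cert.get(field, "").strip().lower() in PLACEHOLDERS:
            flags.append("placeholder-" + field)
    serial = cert.get("serial_number")
    if serial is not None and int(serial.replace(":", ""), 16) == 0:
        flags.append("zero-serial")
    return flags

# Fields quoted in the first post.
OBSERVED = {"common_name": "localhost.localdomain",
            "organization": "SomeOrganization",
            "serial_number": "00"}
# Constructed sample of an unremarkable certificate, for contrast.
ORDINARY = {"common_name": "example.com",
            "subject_alt_names": ["example.com", "*.example.com"],
            "organization": "Example Org",
            "serial_number": "0A:1B:2C"}
SITE = "www.example.com"  # constructed; the thread does not name the site

if __name__ == "__main__":
    print(certificate_red_flags(OBSERVED, SITE))
    print(certificate_red_flags(ORDINARY, SITE))
```

An empty result only means none of these particular signs are present; the browser's chain validation remains the actual check.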

  3. macarro

    Moe Trin Guest

    On Wed, 13 Dec 2006, in the Usenet newsgroup alt.computer.security, in article
    <elopss$q8q$>, macarro wrote:

    >I am trying to access a secure website (https) from my workplace,


    Is access to the secure website required as part of your job? If so,
    contact your network administrator.

    >And so on, is it possible the administrator of the network I am using is
    >eavesdropping on my https connexions? And if that is the case, can I get
    >around this?


    Certainly. Do your personal surfing from home on your own time.

    Old guy
     
    Moe Trin, Dec 13, 2006
    #3