[TriLUG] Frontier doing packet inspection?

porter porter at trilug.org
Sun Dec 8 19:46:07 EST 2013


> Hopefully not (at least that I am aware of!) - you'd at least have to
> trust a non-standard CA for SSL inspection/interception to work, at
> least that's how it works on the BlueCoat (and other web filter
> products I've seen).
> ...
> Of course in a corp network pushing out an additional
> CA cert via group policy or such like is pretty easy....

David is right.  It's pretty easy for a corporate IT department to plant
their own root CA certificate on client machines, and then they can do
man-in-the-middle snooping.

When my office was recently acquired by a large multi-national company
with virtually unlimited IT budget, I decided to study up on what I
could do to protect myself against surreptitious snooping.  Our new IT
department DOES run an agent (as root) on all machines.  They CLAIM that
it just tracks software licenses, but I have seen it passing some bits
of snoopery up to the mother ship, and that made me a little more cautious.
So I did some research.

From what I could tell, SSH is pretty hardened against this attack
because it compares the fingerprint of the server's certificate to what
it stored last time in ~/.ssh/known_hosts.

For the browser and email, I found a Firefox/Thunderbird plugin called
"Certificate Patrol" which does something similar, comparing the server
certificates to the last-seen values, and also looking at the chain of
certificate authorities.  Certificate Patrol can be quite noisy on some
sites like Google, which sends you to different servers all the time.
But it should do a good job on sites like TriLUG or on my own personal
server.

I say *should* do a good job... but I had varying results.  I deliberately
regenerated certificates on my personal web site, and most of the time it
did not warn me.

So I think I am missing something with Certificate Patrol.

Anyone else out there want to compare tinfoil hats?


Alan
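
The last-seen comparison described in the message above, as an added example that is not part of the original post and is not code from OpenSSH or Certificate Patrol. It pins the SHA-256 of each host's leaf certificate on first sight and reports any later change, which is what would surface a certificate re-signed by a locally installed root CA. All function names, the host name and the two sample byte strings are assumptions made up for this sketch.

```python
import hashlib
import json
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()

def check(store: dict, host: str, der: bytes) -> str:
    """Return "new" (first sight, now remembered), "match" or "changed".
    A changed certificate is never remembered automatically."""
    fp = fingerprint(der)
    seen = store.get(host)
    if seen is None:
        store[host] = fp
        return "new"
    return "match" if seen == fp else "changed"

def accept(store: dict, host: str, der: bytes) -> None:
    """Explicitly re-pin after the change was verified out of band."""
    store[host] = fingerprint(der)

def load(path: str) -> dict:
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        return {}

def save(store: dict, path: str) -> None:
    with open(path, "w") as f:
        json.dump(store, f, indent=2, sort_keys=True)

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate the server presents (needs network)."""
    ctx = ssl.create_default_context()  # normal CA validation still applies
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

# Constructed stand-ins for two DER certificates (not real certificates).
CERT_OLD = b"constructed-cert-bytes-original"
CERT_NEW = b"constructed-cert-bytes-reissued"

if __name__ == "__main__":
    pins = {}
    for der in (CERT_OLD, CERT_OLD, CERT_NEW):
        print(check(pins, "www.example.test", der))
```

For a live check, pass `fetch_der(host)` as the `der` argument and keep the store on disk with `load` and `save`.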



