Because someone else pays for the resources that you use unauthorizedly?
This may come as a shock to you, but you do not have a natural right to use resources that belong to someone else. Especially not if that some- one has taken steps to prevent you from using said resources.
By "control other people" you apparently mean "prevent other people from abusing company's resources".
cu
59cobaltWow I sure managed to get a flame war.
I have something for you to think about.
I used another solution before using the tunnel. I used to go to a friend of mine working for another company and use his computer as they did not have any firewall limitations. This took me about 45 minutes in traveling, which I charged the company for. I charge $140h, you can do the math. What I am trying to say is that you should focus on security, not limit users since they will always find ways around your pathetic obstacle course. You can throw your flames at me, but that will not change the facts.
Bye
FYI:
Oh, come on. Freedom of Speech != Buying lingerie.
Bogwitch.
So, you were buying frilly undies as part of your contracted work? Interesting job!
I'm glad you're getting paid $140ph. It means that when they do sue you, they will be well compensated.
You're walking a tightrope and one day you'll fall off. Would you do the same thing if you had a DoD contract?
Bogwitch.
Ahh so you're also guily of fraud as well.
I thought it would be obvious that the *lingerie* should not be taken literally.
I just wanted to establish motives. Your examples and stated uses demontrate a self serving need, not altruistic nor client benefitting.
You have, no doubt, reminded everyone else in here of an important lesson. Staff, including contrators may not always take 'No' for an answer!
Bogwitch.
Fact: You are an admitted criminal.
Fact: You wouldn't stand a chance on my network.
Fact: I would probably allow you to connect to your computer but I would also decode your SSL traffic and prevent any sensitive information from being transmitted, all the while I would be recording your actions so that you could be properly prosecuted.
Fact: Anyone taking your advice in this matter is an idiot.
opinions opinions
sure
Do you work as a comedian? Decode my SSL data: sure :-) Go somewhere else and spread your FUD. Your FUD might work in kindergartens.
Getting a bit personal are we? Sounds like Hitler when he was no longer in control.
After all the feedback you've received, do you really that that you're right and *EVERYONE* else is wrong?
This is no FUD, this is trivial. Just do a MITM attack at the server. You have no choice: Accept the changed certificate and the server can read everything, or reject it and your connection won't work.
Huh? Why? No one claimed that you're an idiot, just that your advice is idiotic.
Exactly.
More importantly, if the IT department cares, they'll install their own signed certificate on your PC, and when you attempt to establish an encrypted connection, they'll simply decrypt, log, and reencrypt.
Since your machine is configured to trust the certificate used during the reencryption phase, you won't even know it's happening unless you inspect the certificate (and much of that could be spoofed anyway, if an IT department was really worried about getting caught)
Notan skriver:
Well Imho any admin puting in webfiletsr are definity wrong, don'ät protect anythuing and makes life much harder. Usally this comes form the idea that poilices are bone hard and have to be technically enforced. An assumtion that actually don't work.
But may IT depetment have forgotten why they exists, whet the goal eher it, the bigger organisation the bigger risk for this. One of my main customers have these kinds of filters, i often get to use my proxy at home usin a ssh-tunnel to read relevent internet information. Out tools for security testring of the product often is blocked as hacking tools for one thing. (Yes ofcource the use us ssh and portforwaring to an external proxy is approved way of woring.)
One reason web filtering is at the workplace is protect others from seeing / reading things that someone else has on their screen they might find offensive. People should not be subjected to offensive things in their workplace. You look at what you want in the privacy of your own home.
He claimed to use his own webbrowser or a Java applet within one.
But well, if the IT department cares, he won't be able to run those in first place.
Most people who visit this forum have been in industry for long enough to know what's right and wrong. The companies we all work for are NOT democracies. If we don't like the policies of the company we work for, we are free to take our talents else where.
Most companies I know do allow limited personal browsing.. that includes checking google mail or scanning thro' news articles. Forget about Nazi IT, what you are trying to do will not be allowed even if Gandhi were your IT admin.
- Biswajit Bangalore/INDIA
Even so, if the app uses the system SSL certificates (Java does, as do many alternative browsers), the same may apply.
Even fully untrusted Java Applets have permission to preselect a user-chosen certificate on a SSLSocketConnection object.
So, this is a plausible scenario: The IT department allows an installed webbrowser (not of his own choice) as well as the installed Java VM. They also didn't implement appropriate configuration of the Java VM to disallow all but whitelisted applets, but they may have limited it to never trust any applet.
He uses these to load his applet, either from removable media or downloaded from the Internet. It may be untrusted, but it's still allowed to first select its own certificate loaded from its resource and then create a SSLSocketConnection with this certificate.
This would allow him to detect the MITM attack.
But still he won't have any choice. Either it won't work or he will be sniffed.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.