
View Full Version : SSL forum


nikolatesla20
February 10th, 2004, 01:48
Hm, was thinking about this today. Wouldn't surprise me if the IT admins at my workplace had sniffers and were reading internet accesses....

Now if only I could access this site thru SSL they wouldn't get squat

-nt20

JMI
February 10th, 2004, 04:30
I am shocked and dismayed that you may be accessing this Forum on company time and with company equipment.

Or am I just shocked and dismayed that you haven't spent more time trying to figure out how to "reverse" any potential "spyware" your employer may be using. Haven't you figured out how to make the "system" think it's someone else's machine that's doing the dirty deed?

And are you assuming that if you accessed this site through "their" internet connection using SSL that they would not still know that you are accessing this URL and that you are attempting to "conceal" the content of your surfing from their view? Often the "appearance" of impropriety is more damning than "actual" impropriety.

"Oh, I'm sorry, I was just doing my online banking." Yah, right. If you are going to cheat, you better give it "careful" thought.

Of course, we already know that you are way too valuable to the company to fire, because we have been using your internet access here to piggyback into their servers to read "their" files. Oh, no. Wait. That's Hacking and that's not what we do here. That's just what some of my former colleagues at NSA, Oh. ssssh. Whatever you do, Don't say "carnivore." Really pisses them off. Don't tell them I mentioned it .... again.

Regards,

Kayaker
February 10th, 2004, 04:45
I'm shocked and dismayed that this site would be deemed any more inappropriate than say a C programming forum. In that case we've really got to clean up our act!

dELTA
February 10th, 2004, 09:02
nikola: STunnel + Squid...

nikolatesla20
February 10th, 2004, 09:17
Hehe,

JMI: There was a time when I DID have that proxy on someone else's system

Kayaker: It's only a matter of P.C. Technically this site isn't bad but who knows ppl are uptight ?

This site is good for my mental health (keeps me thinking sharp) anyway so really it improves my job performance then, right :P


I can connect to my system at home and use it as a proxy, maybe I can set up something encrypted that way. 'cause proxy or no, if it ain't encrypted they could sniff it.

-nt20

nikolatesla20
February 10th, 2004, 09:23
Thanks Delta, stunnel looks like a viable solution. I can run it on my home PC and then connect to that from work using stunnel (I think). I'll look into it.

-nt20

dELTA
February 10th, 2004, 09:26
Yes, run STunnel at your work computer, local port as input end and your home computer as output end. Run another STunnel at your home system, input end catching the output end of the other STunnel and output end directed to the input port of the Squid (or any other) proxy running at the same system. Then set the local port on your work computer to be proxy in your browser. Kablammo, you have a generic SSL proxy that will access any site, encrypting all data as far as your employer's system is concerned...

disavowed
February 10th, 2004, 10:04
or use remote desktop (terminal services) to connect to your home computer and web browse on that. the communications are encrypted.

nikolatesla20
February 10th, 2004, 12:11
I have UltraVNC on my home system, so really I CAN browse thru the remote interface, it's just kinda slow. Stunnel would probably be faster. And I'm using Proxomitron proxy so I could connect stunnel to it.

-nt20

dELTA
February 10th, 2004, 13:29
Yep, remoting a computer is often annoyingly slow, ugly and well, annoying. It might also cause problems with corporate firewalls and such, I like the solution from that dELTA fellow much better too.

JMI
February 10th, 2004, 13:44
Now there's a REAL surprise.

Regards,

nikolatesla20
February 10th, 2004, 18:07
ok, got stunnel up and running on my system at home.

The only thing I couldn't figure out yet was how to restrict access to the stunnel port on the open system at home...

otherwise ppl may start using my system as a proxy.

um, ignore my IP address :P

-nt20

JMI
February 10th, 2004, 18:11
Nope. Too late.

Regards,

dELTA
February 10th, 2004, 18:47
Any decent personal firewall software has IP filtering per application. Simply set it to only accept incoming connections from your work to the STunnel process, and you're safe.

nikolatesla20
February 10th, 2004, 20:37
You think I'm going to run personal firewall software? *blech* load my system.


-nt20

JMI
February 10th, 2004, 20:45
And then all you have to worry about is their inquiring as to why you are spending "way" too much time connected to your home computer. Remember that a good cover story is best prepared in advance of when they begin to tighten down the thumb screws.

I can attest from personal experience, that waiting until you are dragged out of a motel room at 2:00 a.m., having had a pillow case thrown over your head and being tossed in the trunk of a vehicle and driving off to interrogation, is really NOT the right time to first start planning what one intends to offer as a "plausible" explanation of one's activities. Fortunately, I hadn't waited. But that's another story. And if I told it to you, I'd probably then have to kill you anyway.

Regards,

Woodmann
February 10th, 2004, 23:05
Howdy,

If we are to be "paranoid" about what the admins are watching, wouldn't it be better to let them see something generic like a connection to google or altavista et al.?

If they see a connection to one site for an extended period of time, better they think you are doing "real" research instead of other things.

Woodmann

nikolatesla20
February 11th, 2004, 00:53
JMI: I figured I'd just tell them that I'm just testing things out.

But anyway, haha yes I've thought to myself. Suppose they were watching what sites were visited often, etc. And then now they see my connection is always to some foreign IP address, and they can't even look at the data since it's encrypted :P But hey perhaps it's just the yahoo e-mail login form :P

I do think it's kinda funny tho that in reality since now the stream is encrypted a person could basically go to any internet site they wished without fear of reprisal. For example, *naughty* sites. Not that I would do such a thing at work of course. Just an interesting observation. Maybe they have some software that watches all the data that comes thru and sifts for keywords. In any case, once it's SSL'ed they are screwed.

So I can really only think of 3 things happening:

1. Nothing
2. They realize it's encrypted and block the IP address of my home system.
3. They realize it's encrypted and ask me why. In this case they would openly reveal that they DO watch the data. So doubt this would happen, but you never know.

-nt20



JMI
February 11th, 2004, 05:58
I think perhaps you are missing the bigger picture. It is, after all, "their" internet connection. You "use" it only with their permission and they can monitor it as they wish, although it helps if there is something in your employment package, which you probably didn't read, which explains they have the right to do so.

However, you are only thinking about the issue of their knowing what "exactly" you are doing on the net, when the more "obvious" observation they can easily make is that you are both "using" their net connection and making obvious efforts at "concealing" exactly what the heck you are doing by encrypting your data stream "from THEM."

As an employer, I would probably "fire your ass" simply for doing "that" faster than I would for surfing some internet site I might not approve of. The latter action suggests you might be a slacker, wasting valuable time I pay you to do work on "my" stuff. The former strongly suggests you are fricking dangerous because you are doing "something" YOU feel is necessary to actually conceal from my view, and I then begin to wonder what important company information you might be shipping off to places where I might not want it to go (like the IRS or EPA or something).

The point you are missing is you aren't hiding your "USE" of the internet, you're only providing them with proof YOU don't want them to know "to do what?" Thinking you have concealed the "what" you tend to ignore the "when" and "how much" but you are NOT concealing that unless you are detouring through another machine at the office by a method which can't be detected or traced back to YOU. Of course if you make them suspicious that SOMEONE is doing this, then they have a mystery to solve and that is what THEY get paid to do. It's as addictive for them as Reversing is for us.

Planning requires that you view the issue from the uptight perspective of the office IT watchdog, not from a more calm view to which you might approach the issue if you were to discover someone else using such "tools." Suspicion is their JOB. From that perspective, you have no "need" to be encrypting your datastream, because there is nothing in THEIR business which requires you to do so, and the fact that you ARE, earns you the label of "suspect." And "suspects" always draw the closest observation.

Those who have the admin password, assuming they are not complete dorks, can view the contents of your machine, gasp, when you aren't even in the office. Then you need to be prepared to have a good explanation WHY these programs are even ON your machine, and you better make sure you have left no trace in your various caches (on your office machine) of any of the pages you have viewed. And just why in the hell do you have encrypted folders young man?

Of course none of that is nearly as challenging as having to learn one or more completely different life histories, which you may be called upon to recite correctly in moments of intensified emotional stress. But, again, that's another story. Let me just say that the best cover story and the easiest to remember is one that is close to the truth. Once you begin to make up lies DURING the coverup, the major hurdle becomes remembering which lies you told.

Just food for thought. Oh what a tangled web we weave.

Regards,
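
Added example, not part of the original thread: the post above argues that encrypting the stream hides the "what" but not the "when" and "how much". A minimal sketch of how a monitoring team could surface that from flow metadata alone; the record layout, the allowlist, the 8-hour day and all addresses are constructed assumptions.

```python
from collections import defaultdict

WORKDAY_S = 8 * 3600  # assumed 8-hour working day

# Assumed allowlist of TLS destinations the business actually needs.
KNOWN_TLS_DESTS = {"203.0.113.10", "203.0.113.25"}

# Constructed flow records: (src_ip, dst_ip, dst_port, duration_s, bytes_total)
FLOWS = [
    ("10.0.0.21", "198.51.100.7", 443, 14400, 310_000_000),
    ("10.0.0.21", "198.51.100.7", 443, 9000, 120_000_000),
    ("10.0.0.21", "203.0.113.10", 443, 45, 80_000),
    ("10.0.0.34", "203.0.113.25", 443, 120, 400_000),
    ("10.0.0.34", "198.51.100.50", 443, 300, 2_000_000),
    ("10.0.0.34", "198.51.100.99", 80, 20000, 5_000_000),
]


def flag_long_tls_sessions(flows, min_share=0.5, tls_ports=(443,)):
    """Return (src, dst) pairs whose TLS sessions to a non-allowlisted
    destination add up to at least min_share of the working day.
    Payloads are never inspected; only duration and volume are used."""
    totals = defaultdict(lambda: [0, 0])  # (src, dst) -> [seconds, bytes]
    for src, dst, port, duration_s, nbytes in flows:
        if port not in tls_ports or dst in KNOWN_TLS_DESTS:
            continue
        totals[(src, dst)][0] += duration_s
        totals[(src, dst)][1] += nbytes

    findings = []
    for (src, dst), (seconds, nbytes) in totals.items():
        share = seconds / WORKDAY_S
        if share >= min_share:
            findings.append({"src": src, "dst": dst,
                             "share_of_day": round(share, 4),
                             "bytes": nbytes})
    return sorted(findings, key=lambda f: f["share_of_day"], reverse=True)


if __name__ == "__main__":
    for finding in flag_long_tls_sessions(FLOWS):
        print(finding)
```

Session durations are simply summed here, so overlapping connections would be double-counted; real flow data would need interval merging first.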

dELTA
February 11th, 2004, 07:18
Quote:
So I can really only think of 3 things happening:

1. Nothing
2. They realize it's encrypted and block the IP address of my home system.
3. They realize it's encrypted and ask me why. In this case they would openly reveal that they DO watch the data. So doubt this would happen, but you never know.

Another quite common solution is to block outgoing SSL traffic completely, if it is not needed for any of the company's legitimate business.

nikolatesla20
February 11th, 2004, 09:11
Heh all right, all right, all good points.

Yes that is right, I guess I haven't been thinking clearly. The best "solution" would be to use misdirection.

I do keep my system at work clean as possible

I've thought about putting a deadswitch in the system at work :P hehe just kidding.

I think the message I get here is I should stop being such a slacker ! I kinda agree lol. Hey, at least I know how to set up stunnel now tho. So I've learned something. But JMI u scared me now so I'm going to behave for a while (probably like a week or so :P).

-nt20

evaluator
February 11th, 2004, 09:59
worries..worries..

stop worry, be happy.

"What you are encrypting?" "Porn".
Basta!
**

nt20, don't more care about encryption,
because i just sent a mail to your work, where i'm explaining,
that you are CIA-agent.

turn on timer & wait light at end of STunnel..

JMI
February 11th, 2004, 12:52
Well, nt20, that would have you observing another of the "agency's" rules, (how did eval discover your true identity so quickly?) and one the Watergate "third rate burglars" forgot, which is that at the "first" sign or suspicion your clandestine operation may have been compromised or come under potential observation, you immediately cease "all" clandestine operations and return to your cover story.

And as to the "deadswitch," any even moderately efficient network system security should have rotating physical backup copies maintained off site. But that's just another building to blow-up or burn down, so what the heck.

Who me? I'm just a regular worker bee. See me here slaving over this damn computer? Want to see what's on my harddrive? Sure. What can I do to help? Half the time the damn machine seems to be doing stuff on its own anyway.

Regards,

nikolatesla20
February 11th, 2004, 13:02
Well so be it then, if you wish to accept the fact that you have all fallen into my overall plan of misdirection. After all, if I really was concerned with encryption, why would I bring it up so publicly if not to disseminate disinformation?



-nt20

JMI
February 11th, 2004, 13:06
Nope. Wrongo Bongo. One can NOT "disseminate disinformation" if anyone even suspects that it is "disinformation." One must appear only to be disseminating "information" and seemingly innocent information at that.

For example:

" Hi. I suspect that someone at my office may be attempting to use the company system to access the internet in a manner that would prevent detection or prevent the ability of anyone at the company from being able to determine exactly what they are, or have been doing. I've done a preliminary search on the net and don't seem to be making any progress. Can anyone steer me in the right direction on what types of tools or methods someone might use to attempt such a thing and how to potentially guard against it?"

Regards,

nikolatesla20
February 11th, 2004, 13:36
Haha well to me, if I read a post like that, I would immediately assume the author of the post wanted some free help on how to do the stuff themselves too. I mean that's a red flag post to anyone experienced in reversing

-nt20

dELTA
February 11th, 2004, 14:17
In any case, just register the domain name "www.barelylegalsluts.com" to your home computer IP, and then use it as a proxy. Then you will only seem like any of the other employees in the logs when you are connected to it half of your working day. That's misdirection to ya.

JMI
February 11th, 2004, 15:14
OK. Time for another lesson from "James Bond, 101." The issue is "plausible denial." When the government of any country says they have no spies, no one believes them, but the answer is at least "plausible." As in "Why would WE be spying on the British, they are our friends."

Here's a test. Which message is clearly looking to be trying to screw the company? Your message:

"Hm, was thinking about this today. Wouldn't surprise me if the IT admins at my workplace had sniffers and were reading internet accesses....

Now if only I could access this site thru SSL they wouldn't get squat "

Or the one I wrote above.

Which one would you prefer to have to try to explain to the Geheime Staatspolizei while they were applying "gentle" pressure to your family jewels? Get the point?

Regards,

evaluator
February 11th, 2004, 16:23
no

JMI
February 11th, 2004, 16:39
Well maybe you have no family jewels. Or it's "too many inglicH".

Regards,

evaluator
February 11th, 2004, 16:49
both

JMI
February 11th, 2004, 16:55
Well, that's "eunuch."

Regards,

evaluator
February 11th, 2004, 17:01
JMI, when edit your posts, this fact not appears on post
(probably because you are mod);
then mark yourself when you edit.

JMI
February 11th, 2004, 17:46
Should I also mark when I edit your, or someone else's posts also? Any other commands you have for me?

Did one of my edits spoil one of your jokes? That's not why I do them of course.

Regards,

Woodmann
February 11th, 2004, 20:34
BWAHAHAHAHAHAHAHAHAHAHAHAAHA..........

JMI/jim You are working too hard. Stop now.

Woodmann

disavowed
February 11th, 2004, 20:46
Quote:
[Originally Posted by JMI]Well maybe you have no family jewels. Or it's "too many inglicH".
Quote:
[Originally Posted by evaluator]both

hahahaha.. gotta love being an admin!

JMI
February 11th, 2004, 21:23
I ain't no "dang nabit" Admin, I am just a lowly Moderator. It's true that I'm also "Super," but that's not my fault either.

Regards,

evaluator
February 12th, 2004, 03:05
JMI!!

>Did one of my edits spoil one of your jokes?
"cleck" !

>Any other commands you have for me?
G0 & edit back "cleck" !

JMI
February 12th, 2004, 04:20
Sorry eval. You are going to have to remind me where this former spelling was if you hope to have me change it back.

Regards,

evaluator
February 12th, 2004, 08:46
really you are so old? or you joke!?

JMI
February 12th, 2004, 12:00
Both.

Regards,

evaluator
February 12th, 2004, 12:34
ok, sorry, oldy.
jokes closed.

JMI
February 12th, 2004, 12:37
Can't take the heat, huh youngin? Considering the alternatives, I'll take being an "oldy."

Regards,