XPost: sci.crypt, alt.computer.security   
   From: no-email@bogus.nix   
      
   "Lawrence Rodis" said in   
   news:k2ESb.3993$F23.1146@newsread2.news.pas.earthlink.net:   
   > George,   
   >   
   > To prevent your ISP, what Flag said is correct. For your Company,   
   > they could have access to everything you do in minutes. Look at   
   > spectorsoft.com and their spector professional edition. I'm using it   
   > on PC for several clients. And have caught folks doing things they   
   > should not. Best to keep your private stuff off of other people's
   > PCs.
   >   
   >   
   >   
   > "George" wrote in message   
   > news:f86efd4e.0401301646.3729e776@posting.google.com...   
   >> Hi,   
   >>   
   >> I would be grateful if someone could give me some advice.   
   >> Not wanting my ISP or employer to see confidential emails and   
   >> surfing, I have set up a service with companies providing secure web   
   >> browsing (Idzap, the cloak, etc). So my web browser is using https   
   >> using certificates from the company offering this service.   
   >> I have read about possibilities of intercepting the https with "man   
   >> in the middle" or maybe other techniques.   
   >> How difficult is it for an ISP or my company's network
   >> administrator to do that? Translated into money, how much would they
   >> need to spend to do that?
   >> Are there any better solutions, maybe a VPN service, Kerberos setup
   >> or anything else possible?
   >> Of course the above assumes that the secure service provider is   
   >> trusted on which I would be keen to find any of their commonly known   
   >> policies. (maybe suggestions)   
   >>   
   >> Many thanks   
   >>   
   >> George   
      
   But since the connection is SSL secured, why would the user care that you   
   could sniff out their encrypted HTTP datastream? It'll look like a bunch of   
   garbage to you, the sniffer. You can still see *where* they are navigating   
   but you cannot see *what* they are sending and receiving.   
      
   The only way that spectorsoft.com could be determining what the user is   
   sending (but not what they are receiving) is to install a client on that   
   user's computer. That is, the product would have to install a keylogger.   
   That appears to be what the product does since it states, "..., Spector Pro   
   contains seven integrated tools that record: ..., keystrokes typed, ...".   
      
   You had better make sure that you have permission from each department to do   
   this sniffing and keylogging. Our department, for example, sometimes has   
   highly sensitive data between us and a partner that no one else in the   
   company should see (and anyone else seeing the data is a severe breach in   
   security). We even have to be in a separate section of the building, all   
   papers must be discarded in our wastebaskets and not outside our locked room   
   (because it gets handled separately and securely from the other trash),   
   recording devices are definitely taboo, and so on. If we caught anyone in   
   IS or elsewhere in our company sniffing our communications, even if they   
   were encrypted, they'd get laid off or, at least, suspended. Just like   
   there are laws prohibiting unauthorized wiretapping, there are always
   internal policies and politics that dictate if anyone can go sniffing just   
   because they are curious. You need to establish well written and understood   
   policies and make sure all departments are educated (and you, too, about   
   what you are NOT allowed to do regarding communications from some   
   departments).   
      
   As far as the keylogger client, that wouldn't survive very long on my hosts.   
   By going through an intermediary but external anonymizer service using SSL,   
   all you could see is that I was connecting to that service but not where I   
   was actually connecting to past that service. If e-mails are sensitive then   
   the sender should be using encryption. You can see in your mail server logs   
   (and don't need SpectorSoft) where the e-mail went but not its content. Of   
   course, if anyone from IS installed anything on our alpha lab hosts, they   
   would get their ass royally kicked for corrupting our known configurations   
   used for testing.   
      
      
   --   
   ____________________________________________________________   
   *** Post replies to newsgroup. E-mail is not accepted. ***   
   ____________________________________________________________   
      