Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Save from Proxy
December 28, 2006, 5:14 pm
rate this thread
system administrator here probably our admins intercept the traffic
that is going via proxy I doubt this because number of times when I
tried to log in to some of my mails I got a message Site Identity not
verified I guess that might be a problem because of a fake SSL
certificates (might be expired authority certificate) or what soever be
the reason I could never trust to the site that I am connecting
neither I can not trust my Network Admins it has become a serious
now ,I would be thankful if some one could tell a solution to my
problem I use Linux only and there are no super user previleges to me
what can I do to save my self
because of this problem I have stopped browsing
- Ertugrul Soeylemez
December 30, 2006, 5:29 am
Re: Save from Proxy
You might try to clean up your orthography and grammar, so you get
serious answers from others, too. But since I'm not that pedantic,
there you go:
If you mean the certificate of the proxy server, they might be using a
self-signed certificate to save a lot of money. This isn't necessarily
bad, but also makes it impossible for you to verify the site's
authenticity, unless you compare the fingerprints of the real
certificate (which you need to have saved somewhere in the first place)
and the one you get presented.
If you instead mean the certificate of the site, you want to connect to,
then it's an entirely different story. If the SSL certificate is valid
outside of the untrusted network, but becomes invalid, as soon as you
enter it, this is a clear sign that the administrators are replacing it.
This is a (failed) MITM attack, which allows the administrators to read
even encrypted traffic. It does not in your case, because you (or at
least your browser) detected that fact.
Well, if for some reason `surfing' in that sense is allowed in the
network you are referring to, you still shouldn't do that. You might,
however, consider using a proxy server with a more exotic protocol,
which the administrators are unlikely to intercept. Maybe it is even as
easy as using a proxy server on a non-standard port. It would probably
be much more secure to create an encrypted virtual private network with
your home computer.
But as you know, a chain is only as strong as its weakest link. So
unless you (and only you) have full access to both your home computer
and the computer inside the untrusted network, you're lost.
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security