Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


I am trying to access a secure website (https) from my workplace, I use
Firefox2 running from an USB for that, the problem is that the browser
complaints that the site certificate does not match with the site name
and in looking at it closer I see this:

"Common Name: localhost.localdomain
Organization: SomeOrganization
Serial number: 00"

And so on, is it possible the administrator of the network I am using is
eavesdropping on my https connexions? And if that is the case, can I get
around this?

Needless to say that I have rejected such certificate.

mapping the internet 24/7 http://www.netdimes.org

Re: eavesdropping?

macarro wrote:

Quoted text here. Click to load it

Well, not yet. You have to accept the spoofed certificate first. :-)

Quoted text here. Click to load it

You'd need a tunnel that doesn't get actively modified. Hardly achievable
without installing specialized software, which is most likely prohibited as

Quoted text here. Click to load it

Of course, just look at the ON and the Serial#. The CN doesn't seem that
reasonable either. I'd say the admin is competent enough to install
something to intercept SSL connections, but not quite competent to actually
create some reasonable certificate which clearly points out that purpose.

At any rate, even if you accepted a valid certificate, you wouldn't be off
much better, As the admin has control over the machine, he can log and/or
modify all input and output, including keystrokes. Thus, it's never a good
idea to do sensible stuff on non-trusted machines.

Re: eavesdropping?

On Wed, 13 Dec 2006, in the Usenet newsgroup alt.computer.security, in article

Quoted text here. Click to load it

Is access to the secure website required as part of your job?  If so,
contact your network administrator.

Quoted text here. Click to load it

Certainly. Do your personal surfing from home on your own time.

        Old guy

Site Timeline