Wireshark-users: Re: [Wireshark-users] dissecting HTTPS traffic
From: Mark Semkiw <[email protected]>
Date: Wed, 14 Oct 2015 16:34:29 +0000
Agreed.

Mark Semkiw, Senior Network Engineer

CCNA  CNSE  WCNA

On 10/14/15, 9:25 AM, "[email protected] on behalf of [email protected]" wrote:

>Given that AT&T (and other telcos) have been making mirrored copies of
>phone messages for years (see EFF discovery), since Google has been
>saving our data on freighters in the Atlantic & Pacific, since Google &
>ad companies have been holding ports open and forcing their presence if
>we would like content served (somewhat like extortion), the concept of
>legality has vanished due to the complicity of so many.
>
>On Wed, Oct 14, 2015, at 09:18 AM, Mark Semkiw wrote:
>> It may not strictly be illegal but at our company we have taken the tack
>> that we just don’t decrypt users' traffic, especially sensitive usernames
>> and passwords to sites like online banking and healthcare; it’s not worth
>> the risk of an employee getting compromised and then coming back and
>> saying that we had the data so we must have been the ones that got
>> compromised. I guess it’s more of a management decision, but I imagine
>> depending on what country/state you are in there are also some legal
>> issues to contend with.
>> 
>> Mark Semkiw, Senior Network Engineer
>> 
>> CCNA  CNSE  WCNA
>> 
>> 
>> From: <[email protected]>
>> on behalf of Noam Birnbaum
>> Reply-To: Community support list for Wireshark
>> Date: Tuesday, October 13, 2015 at 8:08 PM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
>> 
>> Mark, I'm curious about your statement that it's not legal to decrypt
>> users' traffic without them being aware. Since companies are constantly
>> asserting that they own all the data on their devices and network, why
>> would a user's personal traffic, even if it's of a sensitive nature, be
>> any different?
>> 
>> Thanks!
>> noam
>> 
>> On Tue, Oct 13, 2015 at 9:00 AM, Mark Semkiw
>> <[email protected]> wrote:
>> Because technically it’s not legal to decrypt users' traffic without them
>> being aware. It could reveal things like online banking passwords and
>> such. We use PA firewalls and they have the ability to do SSL decryption
>> but I can’t actually see the traffic; the firewall uses layer 7
>> inspection and its own internal rule base/security signatures to
>> decide if the traffic gets passed or not.
>> 
>> Mark Semkiw, Senior Network Engineer
>> 
>> CCNA  CNSE  WCNA
>> 
>> 
>> From: <[email protected]>
>> on behalf of Noam Birnbaum
>> Reply-To: Community support list for Wireshark
>> Date: Monday, October 12, 2015 at 4:32 PM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
>> 
>> Curious, why wouldn't you recommend doing our own MITM attack? (And how
>> would we do it?)
>> 
>> On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw
>> <[email protected]> wrote:
>> All you can really do at that point is analyze the endpoints and see if
>> you can get any info from that. Well, I guess you could set up your own
>> man-in-the-middle attack, but I wouldn’t suggest it.
>> 
>> Mark Semkiw, Senior Network Engineer
>> 
>> CCNA  CNSE  WCNA
>> 
>> 
>> From: <[email protected]>
>> on behalf of Noam Birnbaum
>> Reply-To: Community support list for Wireshark
>> Date: Friday, October 9, 2015 at 4:12 PM
>> To: "[email protected]"
>> Subject: [Wireshark-users] dissecting HTTPS traffic
>> 
>> Hey folks,
>> 
>> One of our clients has recently been having their WAN bandwidth eaten up,
>> and we've narrowed it down to one executive's computer.
>> 
>> Now we want to dissect that computer's traffic to see what it's doing.
>> However, much of it is HTTPS, so we can't see the content. Any
>> suggestions on getting a useful analysis?
>> 
>> Thanks!
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list
>> <[email protected]<mailto:[email protected]>>
>> Archives:    https://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>              mailto:[email protected]<mailto:[email protected]>?subject=unsubscribe
>> 
>> 