Wireshark-users: Re: [Wireshark-users] dissecting HTTPS traffic
From: Mark Semkiw <Mark.Semkiw@xxxxxxxxxxxxx>
Date: Wed, 14 Oct 2015 16:34:29 +0000
Agreed.

Mark Semkiw, Senior Network Engineer

CCNA  CNSE  WCNA








On 10/14/15, 9:25 AM, "wireshark-users-bounces@xxxxxxxxxxxxx on behalf of gedropi@xxxxxxxxxxx" <wireshark-users-bounces@xxxxxxxxxxxxx on behalf of gedropi@xxxxxxxxxxx> wrote:

>Given that AT&T (and other telcos) have been making mirrored copies of
>phone messages for years (see EFF discovery), since Google has been
>saving our data on freighters in the Atlantic & Pacific, since Google &
>ad companies have been holding ports open and forcing their presence if
>we would like content served (somewhat like extortion), the concept of
>legality has vanished due to the complicity of so many.
>
>On Wed, Oct 14, 2015, at 09:18 AM, Mark Semkiw wrote:
>> It may not strictly be illegal but at our company we have taken the tack
>> that we just don’t decrypt users traffic, especially sensitive usernames
>> and passwords to sites like online banking and healthcare, it’s not worth
>> the risk of an employee getting compromised and then coming back and
>> saying that we had the data so we must have been the one’s that got
>> compromised.   I guess it’s more of a management decision, but I imagine
>> depending on what country/state you are in there are also some legal
>> issues to content with.
>> 
>> Mark Semkiw, Senior Network Engineer
>> 
>> CCNA  CNSE  WCNA
>> 
>> 
>> From:
>> <wireshark-users-bounces@xxxxxxxxxxxxx<mailto:wireshark-users-bounces@xxxxxxxxxxxxx>>
>> on behalf of Noam Birnbaum
>> Reply-To: Community support list for Wireshark
>> Date: Tuesday, October 13, 2015 at 8:08 PM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
>> 
>> Mark, I'm curious about your statement that it's not legal to decrypt
>> users' traffic without them being aware. Since companies are constantly
>> asserting that they own all the data on their devices and network, why
>> would a user's personal traffic, even if it's of a sensitive nature, be
>> any different?
>> 
>> Thanks!
>> noam
>> 
>> On Tue, Oct 13, 2015 at 9:00 AM, Mark Semkiw
>> <Mark.Semkiw@xxxxxxxxxxxxx<mailto:Mark.Semkiw@xxxxxxxxxxxxx>> wrote:
>> Because technically it’s not legal to decrypt users traffic without them
>> being aware.  It could reveal things like online banking passwords and
>> such.  We use PA firewalls and they have the ability to do SSL decryption
>> but I can’t actually see the traffic, the firewall uses layer 7
>> inspection to and it’s own internal rule base/security signatures do
>> decide if the traffic gets passed or not.
>> 
>> Mark Semkiw, Senior Network Engineer
>> 
>> CCNA  CNSE  WCNA
>> 
>> 
>> From:
>> <wireshark-users-bounces@xxxxxxxxxxxxx<mailto:wireshark-users-bounces@xxxxxxxxxxxxx>>
>> on behalf of Noam Birnbaum
>> Reply-To: Community support list for Wireshark
>> Date: Monday, October 12, 2015 at 4:32 PM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
>> 
>> Curious, why wouldn't you recommend doing our own MITM attack? (And how
>> would we do it?)
>> 
>> On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw
>> <Mark.Semkiw@xxxxxxxxxxxxx<mailto:Mark.Semkiw@xxxxxxxxxxxxx>> wrote:
>> All you can really do at that point is analyze the endpoints and see if
>> you can get any info from that.  Well I guess you could setup your own
>> man-in-the-middle attack, but I wouldn’t suggest it.
>> 
>> Mark Semkiw, Senior Network Engineer
>> 
>> CCNA  CNSE  WCNA
>> 
>> 
>> From:
>> <wireshark-users-bounces@xxxxxxxxxxxxx<mailto:wireshark-users-bounces@xxxxxxxxxxxxx>>
>> on behalf of Noam Birnbaum
>> Reply-To: Community support list for Wireshark
>> Date: Friday, October 9, 2015 at 4:12 PM
>> To: "wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>"
>> Subject: [Wireshark-users] dissecting HTTPS traffic
>> 
>> Hey folks,
>> 
>> One of our clients has recently been having their WAN bandwidth eaten up,
>> and we've narrowed it down to one executive's computer.
>> 
>> Now we want to dissect that computer's traffic to see what it's doing.
>> However, much of it is HTTPS, so we can't see the content. Any
>> suggestions on getting a useful analysis?
>> 
>> Thanks!
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list
>> <wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>>
>> Archives:    https://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>              mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe
>> 
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list
>> <wireshark-users@xxxxxxxxxxxxx<mailto:wireshark-users@xxxxxxxxxxxxx>>
>> Archives:    https://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>              mailto:wireshark-users-request@xxxxxxxxxxxxx<mailto:wireshark-users-request@xxxxxxxxxxxxx>?subject=unsubscribe
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    https://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:    https://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe