User: Password:
|
|
Subscribe / Log in / New account

HTTPS interception in Nokia's mobile browser

HTTPS interception in Nokia's mobile browser

Posted Jan 28, 2013 21:38 UTC (Mon) by dlang (subscriber, #313)
In reply to: HTTPS interception in Nokia's mobile browser by nim-nim
Parent article: HTTPS interception in Nokia's mobile browser

>>> Once a crypto tunnel is established there is no reason to rely on urls to transmit information. Most spam/phishing detection software relies heavily on url patterns to catch it

>> I still can not parse this. Care to explain?

> After the https handshake there is no obligation to use http at all inside the tunnel

It's worse than that, almost no firewalls even force you to do the https handshake, they just allow anything that's on port 443 through, so you can use any protocol at all.

There are a handful of good firewalls (sidewinder being one) and IDS systems that will still watch port 443 traffic and alert you if they see something that doesn't look like https on that port, but if you go that far, you really do need to go further and have a full https mitm proxy/filter

As for the thought that you don't have confidential information on a Internet connected device, do you really think that executives who have all sorts of confidential information on their systems (including a ton of stuff in their e-mail about financial data of the company, plans for the future, etc) are not going to be connected to the Internet at some point?

There are places for isolated networks, but corporate desktops are not one of them.


(Log in to post comments)

HTTPS interception in Nokia's mobile browser

Posted Jan 28, 2013 21:48 UTC (Mon) by raven667 (subscriber, #5198) [Link]

In practice people don't bother to take precautions to protect sensitive data, that doesn't mean its not a good idea or possible, also there is an implicit assumption of risk that is being taken when executives run around with sensitive data on their laptops that they then lose. I suppose it depends on their assumption of risk and how radioactive/poisonous the data they handle is, between some stock speculator getting an earnings report a day early or a HIPPA violation and public disclosure.

HTTPS interception in Nokia's mobile browser

Posted Feb 1, 2013 11:28 UTC (Fri) by basdebakker (guest, #60977) [Link]

Executives with desktops? Are you serious?

Our company has web filters, including HTTPS proxies that do a MITM with a certificate that they install in your browser.

Then our executives take their laptops and connect them to their home network, the airport network, etc. So do I.

HTTPS interception in Nokia's mobile browser

Posted Feb 1, 2013 11:39 UTC (Fri) by hummassa (subscriber, #307) [Link]

> Then our executives take their laptops and connect them to their home network, the airport network, etc. So do I.

Meaning a two-bit hacker can compromise any data in those laptops at any time he wants, and all the proxying/MITMing infrastructure is just security theatre...

HTTPS interception in Nokia's mobile browser

Posted Feb 1, 2013 14:33 UTC (Fri) by anselm (subscriber, #2796) [Link]

Meaning a two-bit hacker can compromise any data in those laptops at any time he wants, and all the proxying/MITMing infrastructure is just security theatre...

Not if all the internet access from those machines goes through a VPN back to the company (and the proxying/MITM infrastructure) even if they are in the home or airport network.

HTTPS interception in Nokia's mobile browser

Posted Feb 1, 2013 21:08 UTC (Fri) by khim (subscriber, #9252) [Link]

Of course it does not do that! VPNs are often incompatible with weird airport/hotel setups. Sometimes "Internet access" means just "http proxy access" and if stuff does not work in this setting executives become quite angry.

HTTPS interception in Nokia's mobile browser

Posted Feb 1, 2013 21:53 UTC (Fri) by anselm (subscriber, #2796) [Link]

VPNs are often incompatible with weird airport/hotel setups.

Whatever. I travel rather a lot and have yet to find an airport/hotel setup that couldn't be made to work with our VPN. Running OpenVPN on TCP port 443 with the client in http-proxy mode helps. If all else fails then at least in-country there is always 3G which supports OpenVPN just fine, thank you very much.

HTTPS interception in Nokia's mobile browser

Posted Feb 2, 2013 13:38 UTC (Sat) by hummassa (subscriber, #307) [Link]

Once you connected to the airport network (usually unencrypted, at least for the handshakes), what makes you think he hacker fifty feet behind you can't see your Facebook cookies, poison one of your apps, or do something that makes him access the juicy bits on your local email folders? And if you think 1% of the executives is careful enough or knowledgeable enough to avoid those kinds of traps, even in post-SabOx world, I do have a bridge or two to sell you. Espionage is simple these days; if your data isn't locked, it is not just yours.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds