Wireshark-users: Re: [Wireshark-users] dissecting HTTPS traffic

Date: Wed, 14 Oct 2015 09:25:25 -0700
Given that AT&T (and other telcos) have been making mirrored copies of
phone messages for years (see EFF discovery), since Google has been
saving our data on freighters in the Atlantic & Pacific, since Google &
ad companies have been holding ports open and forcing their presence if
we would like content served (somewhat like extortion), the concept of
legality has vanished due to the complicity of so many.

On Wed, Oct 14, 2015, at 09:18 AM, Mark Semkiw wrote:
> It may not strictly be illegal but at our company we have taken the tack
> that we just don’t decrypt users’ traffic, especially sensitive usernames
> and passwords to sites like online banking and healthcare; it’s not worth
> the risk of an employee getting compromised and then coming back and
> saying that we had the data so we must have been the ones that got
> compromised. I guess it’s more of a management decision, but I imagine
> depending on what country/state you are in there are also some legal
> issues to contend with.
> 
> Mark Semkiw, Senior Network Engineer
> 
> CCNA  CNSE  WCNA
> 
> 
> From:
> <wireshark-users-bounces@xxxxxxxxxxxxx>
> on behalf of Noam Birnbaum
> Reply-To: Community support list for Wireshark
> Date: Tuesday, October 13, 2015 at 8:08 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
> 
> Mark, I'm curious about your statement that it's not legal to decrypt
> users' traffic without them being aware. Since companies are constantly
> asserting that they own all the data on their devices and network, why
> would a user's personal traffic, even if it's of a sensitive nature, be
> any different?
> 
> Thanks!
> noam
> 
> On Tue, Oct 13, 2015 at 9:00 AM, Mark Semkiw
> <Mark.Semkiw@xxxxxxxxxxxxx> wrote:
> Because technically it’s not legal to decrypt users’ traffic without them
> being aware. It could reveal things like online banking passwords and
> such. We use PA firewalls and they have the ability to do SSL decryption
> but I can’t actually see the traffic; the firewall uses layer 7
> inspection and its own internal rule base/security signatures to
> decide if the traffic gets passed or not.
> 
> Mark Semkiw, Senior Network Engineer
> 
> CCNA  CNSE  WCNA
> 
> 
> From:
> <wireshark-users-bounces@xxxxxxxxxxxxx>
> on behalf of Noam Birnbaum
> Reply-To: Community support list for Wireshark
> Date: Monday, October 12, 2015 at 4:32 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
> 
> Curious, why wouldn't you recommend doing our own MITM attack? (And how
> would we do it?)
> 
> On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw
> <Mark.Semkiw@xxxxxxxxxxxxx> wrote:
> All you can really do at that point is analyze the endpoints and see if
> you can get any info from that. Well, I guess you could set up your own
> man-in-the-middle attack, but I wouldn’t suggest it.
> 
> Mark Semkiw, Senior Network Engineer
> 
> CCNA  CNSE  WCNA
> 
> 
> From:
> <wireshark-users-bounces@xxxxxxxxxxxxx>
> on behalf of Noam Birnbaum
> Reply-To: Community support list for Wireshark
> Date: Friday, October 9, 2015 at 4:12 PM
> To: "wireshark-users@xxxxxxxxxxxxx"
> Subject: [Wireshark-users] dissecting HTTPS traffic
> 
> Hey folks,
> 
> One of our clients has recently been having their WAN bandwidth eaten up,
> and we've narrowed it down to one executive's computer.
> 
> Now we want to dissect that computer's traffic to see what it's doing.
> However, much of it is HTTPS, so we can't see the content. Any
> suggestions on getting a useful analysis?
> 
> Thanks!
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe