|
big scary monsters posted:at a company in the US, probably, in europe, probably not corporate networks usually man-in-the-middle ssl, yes but they will whitelist sites to not be MITM'ed. your employer has zero interest in monitoring your interactions with your bank, for example.
|
# ? Mar 12, 2017 17:01 |
|
|
# ? Jun 9, 2024 22:40 |
|
goddamnedtwisto posted:on a corporate network in most of europe, it's absolutely legal, with varying degrees of spelling out to your employees that you're doing it surely it'd fall foul of the DPD, especially if you're doing mitm on https. for example: it's my lunch break. i log in to my online banking on the company network and transfer some cash to my daughter. then i go on amazon and order a birthday present sent to her home address. finally i send her a tasteful jacquie lawsons e-card. now the company has processed and stored her personal information, without her knowledge or consent, and would seem to lack a specific and legitimate purpose for holding that information unless you're doing very hands-off and minimally intrusive filtering/monitoring, i don't see how you could avoid a hundred scenarios like that happening every day. i admit that this is not an area i'm exactly clued up on, i'm just going off half-remembered training stuff, so i'd be interested in hearing it from someone who actually has a clue
|
# ? Mar 12, 2017 17:01 |
|
muffled reeeeeeee
|
# ? Mar 12, 2017 17:25 |
|
big scary monsters posted:surely it'd fall foul of the DPD, especially if you're doing mitm on https. for example: it's my lunch break. i log in to my online banking on the company network and transfer some cash to my daughter. then i go on amazon and order a birthday present sent to her home address. finally i send her a tasteful jacquie lawsons e-card. now the company has processed and stored her personal information, without her knowledge or consent, and would seem to lack a specific and legitimate purpose for holding that information the specific and legitimate purpose is monitoring employee activity you, as an employee, are extensively and repeatedly informed that the company monitors your activity on corporate networks. you and you alone are responsible for violating your daughter's privacy. (also, the bank's web site would probably be whitelisted, since the company has zero interest in snooping on your banking activity. but that's not important here.)
|
# ? Mar 12, 2017 17:35 |
|
all traffic on your corporate network should be snooped for security reasons. do not do personal poo poo on company resources.
|
# ? Mar 12, 2017 17:37 |
|
ugh sounds like heck
|
# ? Mar 12, 2017 17:39 |
|
big scary monsters posted:surely it'd fall foul of the DPD, especially if you're doing mitm on https. for example: it's my lunch break. i log in to my online banking on the company network and transfer some cash to my daughter. then i go on amazon and order a birthday present sent to her home address. finally i send her a tasteful jacquie lawsons e-card. now the company has processed and stored her personal information, without her knowledge or consent, and would seem to lack a specific and legitimate purpose for holding that information My dude have you heard of ssh tunneling?
|
# ? Mar 12, 2017 18:11 |
|
Salt Fish posted:My dude have you heard of ssh tunneling? lol if you think a corp doing ssl mitm attacks isn't going to block or at least notice your goofy ssh tunnel
|
# ? Mar 12, 2017 18:30 |
|
https://twitter.com/K2PLANTHIRE/status/838675439971348480
|
# ? Mar 12, 2017 18:37 |
|
|
# ? Mar 12, 2017 18:46 |
|
Salt Fish posted:My dude have you heard of ssh tunneling? ssh tunneling through a proxy only works if HTTP CONNECT is available and works correctly. which it never does in a mitm environment. which is, of course, the point of the mitm. they don't want you passing arbitrary things through the proxy
|
# ? Mar 12, 2017 18:48 |
|
|
# ? Mar 12, 2017 18:51 |
|
|
# ? Mar 12, 2017 19:06 |
|
https://i.imgur.com/ChJwwZc.mp4
|
# ? Mar 12, 2017 19:08 |
|
big scary monsters posted:surely it'd fall foul of the DPD, especially if you're doing mitm on https. for example: it's my lunch break. i log in to my online banking on the company network and transfer some cash to my daughter. then i go on amazon and order a birthday present sent to her home address. finally i send her a tasteful jacquie lawsons e-card. now the company has processed and stored her personal information, without her knowledge or consent, and would seem to lack a specific and legitimate purpose for holding that information okay, answering just for the uk because my knowledge of eu law is much sketchier. a much simpler example is personal email accessed from a corporate ("private" in uk legal terms) network, which is perfectly legit for companies to capture as long as they do not process or transfer it for reasons otherwise forbidden by law. so it's perfectly legit for a company to capture all of your internet traffic, even decrypting it, as it transits their network, for the purposes of protecting their own network or commercial interests. so virus-scanning it or even searching it for evidence that you're stealing for the company is fine, using it to discover that you're pregnant and sack you before you have a chance to declare it (and get statutory protection) isn't. there's a proportionality test - you can't hold everything indefinitely, and you can't intercept everything just to work out who keeps leaving the toilet seat up, and there's still a requirement to inform your users that you're doing it (and allow them to access all data you hold about them - and also anyone else with a court order or dpa/ripa authority), but the balance is very much towards the company. even under eu law you're not legally entitled to your own ideas on company time, why would your email be any different?
|
# ? Mar 12, 2017 19:19 |
|
i'm unironically happy that dickbutt and loss weren't taken by nazis
|
# ? Mar 12, 2017 19:19 |
|
once upon a time i was falling in love
|
# ? Mar 12, 2017 19:38 |
|
Babies Getting Rabies posted:once upon a time i was falling in love
|
# ? Mar 12, 2017 19:42 |
|
thanks for the corporate monitoring replies better informed people
|
# ? Mar 12, 2017 19:58 |
|
lmao
|
# ? Mar 12, 2017 20:02 |
|
Video Nasty posted:lmao it's german; it means "the mart"
|
# ? Mar 12, 2017 20:05 |
|
earth is pretty awesome
|
# ? Mar 12, 2017 20:07 |
|
https://www.youtube.com/watch?v=LKJ-0ZO4pxo
|
# ? Mar 12, 2017 20:09 |
|
Is the knife fight over? Because I know of a well-armed, deadly
|
# ? Mar 12, 2017 20:16 |
|
https://twitter.com/Skateboard_Gifs/status/841000134498430977
|
# ? Mar 12, 2017 20:17 |
|
i was surprised and impressed twice
|
# ? Mar 12, 2017 20:20 |
|
oh gently caress
|
# ? Mar 12, 2017 20:23 |
|
i have no idea why that prompted such a full-on belly laugh
|
# ? Mar 12, 2017 22:11 |
|
|
# ? Mar 12, 2017 22:56 |
|
https://www.youtube.com/watch?v=ExOCc_bHj6U&hd=1
|
# ? Mar 12, 2017 23:00 |
|
|
# ? Mar 12, 2017 23:02 |
|
http://i.imgur.com/1fVfzu6.mp4
|
# ? Mar 12, 2017 23:14 |
|
DOWN JACKET FETISH posted:i have no idea why that prompted such a full-on belly laugh the fact that there's a store called dick smith
|
# ? Mar 12, 2017 23:44 |
|
akadajet posted:the fact that there's a store called dick smith
|
# ? Mar 12, 2017 23:45 |
|
lol
|
# ? Mar 12, 2017 23:48 |
|
|
# ? Mar 12, 2017 23:49 |
|
I'm with the last poster: give me a suicide free laptop and OS
|
# ? Mar 12, 2017 23:51 |
|
Nitr0 posted:lol if you think a corp doing ssl mitm attacks isn't going to block or at least notice your goofy ssh tunnel If my workstation didn't have multiple ssh tunnels open during working hours I'd probably get fired.
|
# ? Mar 12, 2017 23:53 |
|
|
# ? Mar 12, 2017 23:58 |
|
|
# ? Jun 9, 2024 22:40 |
|
Person of Interest circa the end of season 4 looking weird
|
# ? Mar 13, 2017 00:01 |