Suppose I browse the Internet on my phone using company Wifi.

>>58098275
everything, everything you input into any webform (including passwords) and every site you visit

>>58098275
You're fucked.

Use a VPN.

>>58098361
>You're fucked.
>Use a VPN.
This is like telling someone who stepped on a landmine and lost both legs to becareful not to step on another one you big baka.

RIP in peace OP

>>58098347

Isn't a lot of this encrypted though? And even then how would they know that the device belonged to me?

>>58098435
ssl can be stripped, based onto the accounts you're logged into or your mac address

>>58098450

>can be

But again, realistically would a company be doing this

inb4 v&

>>58098477
yes

>>58098450
>stripped
Please explain

>>58098361
>>58098426

I haven't done anything other than browse 4chan/Reddit. I'm more just curious.

I thought they would be able to see something to the effect of "device xyz downloaded 8mb of data from ip 1234 and uploaded 5kb of data". Just as an example.

But you all are suggesting that the actual data is accessible? How exposed is it? And how much know-how would you have to have to get at it?

>>58098544
https sites give broken ssl or redirect to http essentially it just stops the encryption from functioning

>>58098275
yeah, i've gotten complaints from my boss about what people are looking at on company wifi.

>>58098550
>I haven't done anything other than browse 4chan

>OP, you've been terminated for being a racist sexist xenophobe. -Sincerely, your boss

>>58098556
>broken ssl
Please explain

sorry for being a bitch, I just thought maths worked

>>58098550
>But you all are suggesting that the actual data is accessible?
yes if the networks configured in a certain way (it most likely is) everything you've done on any website can be logged and linked to you
>How exposed is it?
not sure what you mean any network admin can view that data
>And how much know-how would you have to have to get at it?
when I did this for the first time it took me under one hour of googling to get it setup

>>58098582
rather than using a correct sll cert it would just show as an invalid one, so it'd look like oyu're using ssl but you're not

>>58098595
won't it pop up in all red though? in the browser, when the SSL certificate is not trusted

I know man in the middle attacks are possible but I think when everything is fine something really fishy would have to be happening for them to be able to sniff the data without you realising

not to say I have complete trust in computers (if I don't read the entire code, how could I ever be sure of anything) but I feel relatively safe using ssl

>>58098585

>not sure what you mean any network admin can view that data

I have no idea what I'm talking about so bare with me. But i guess what I'm asking is - in what form is the data transferred? Packets of essentially 0s and 1s right? So how do you get from that to see the actual content?

Can you go straight from that data steam to asci and read the information? Is there software that translates the stream to something human readable? How does this all work?

>>58098669
bear with me*
For how many years have you been writing in English? Disgraceful.

>>58098711
My phone autocorrected it fuck you

>>58098642
>won't it pop up in all red though? in the browser, when the SSL certificate is not trusted
I've heard several people on IRC and shit say it's possible for it to remain green
I'm not saying ssl isn't safe I'm saying don't trust anything on a network you don't own
>>58098669
you can use tools like wireshark to get the information in a fairly readable format - they probably have automated tools scanning for keywords and shit desu

>>58098642
>>58099006
"enterprise" mitm attack tools usually use valid certs, signed by i.e. symantec. If you distrust all CA that have done this in the past, you'll end up with 90% of the web untrusted.

It's the main security flaw in SSL/TLS, and it's only recently being addressed by HPKP and pre-shared site keys (bundled with your browser).

The network can also read your unencrypted DNS queries (or tell your client to use their DNS server - do you use DHCP?), so the admin probably knows at least which domains you visited.

>>58099054
Now that's fucked up. I'll have to be more careful in the future. And yeah, the unencrypted DNS queries can even be transparently redirected to their owm servers, right? So you think you're using a third-party DNS but in reality all the queries get snatched and resolved by 'them'.

>>58099115
>And yeah, the unencrypted DNS queries can even be transparently redirected to their owm servers, right?
They don't even need to do that to log which domains you visit, because DNS traffic can easily be separated from everything else (it's using a non-web/mail dest port). Logging all DNS traffic is "better" (from the attacker/admin pov) than using the logs from your own server, because you also get all the DNS requests to external servers.

>>58099115
>Now that's fucked up.
how? you're using THEIR network why shouldn't they be able to use that network to do what they want, it'll be in your employment contract so you even agreed to let them do this

>>58099369
The fact that it's possible to do with a thing I considered secure is fucked up. I don't blame the employers doing it when you are using the internet in your working time, but if they can do it, who knows who else is doing it.

>>58099422
>I considered secure
it's fucking dumb to assume security, I mean attacks like this can even happen on your network at home but this isn't that this is you signing away certain rights because you're too lazy to read your employment contract
>>58099422
>who knows who else is doing it.
you should assume 100% or networks you connect to that you don't own do it

>>58099454
>implying I assume complete security
>taking some parts of my post literally, misinterpreting other parts
>pretending to miss the point

just stop posting

>>58099511
>>implying I assume complete security
you considered it was secure for literally no reason, this is assuming security
>>taking some parts of my post literally, misinterpreting other parts
give examples
>>pretending to miss the point
I wasn't pretending I don't get what point you're trying to make
>just stop posting
no I'm bored and can't sleep

>>58099369
>you're using THEIR network why shouldn't they be able to use that network to do what they want
That depends on your location. Here in germany, employers have legal limits on what they are allowed to track and/or decrypt/intercept.

That said, wherever you are, this:
>>58099454
>you should assume 100% or networks you connect to that you don't own do it
is solid advice. Use a VPN, using a raspberry at home is good enough. If your employer won't let you, get another job (if you can).

File: 1480902777651.gif (1MB, 350x272px)

1MB, 350x272px

>Be in college computer lab
>Using community PCs
>Friend says he's going to pull up 4chan
>He opens /pol/ and browses it with people around
Wew Lad