
Would it make a difference knowing the product behind the sniffing? Once your traffic went in the clear and there are people with access to it, that's game over.

You could encapsulate SSL in SSL, so the first SSL layer is decrypted by your "colleagues" but the second one should just flow freely.

The problem here is that (A) SSL is defeated in your corporate network and (B) other protocols are probably blocked, to force you to use the proxy to reach the Internet, so you're stuck with SSL.

Disclaimer: We haven't tried these scenarios (defeat SSL sniffing on a corporate network) because it's not the main use of our product and actually, as long as it's legal and ethical, you should follow your employer's rules, so bypassing your company's security systems is not our business, nor do we condone it.

But it's technically interesting.

We[1] do SSL tunnelling to create private networks; unfortunately we don't offer Internet gateways so it's not exactly a VPN tunnel. You could, however, install a proxy or a router inside your private network and use it to route your traffic to the Internet through the private network.

[1] https://wormhole.network




>Would it make a difference knowing the product behind the sniffing?

My main concern is a Superfish-like situation where a user takes their laptop outside the corp LAN and gets owned because the root cert is vulnerable. Knowing the vendor of the whole system might be enlightening; I'm not sure.


Fair point. Usually this cert will be generated internally, even by the device itself, but it's a good point then to know who's the vendor, in case these certs are "pre-generated" with the same private key for everyone or something :)


>You could, however, install a proxy or a router inside your private network

Sounds like a good way to get fired depending on how strict their policies are.


Actually trying to work around any restrictions is a really good way to get fired :)

(Clarification: when I said private network I meant in the virtual network created by Wormhole, so probably at your home, bridging between the virtual network and your home's network)



