Originally posted by: Platypus
Originally posted by: Imdmn04
Originally posted by: Platypus
Originally posted by: Imdmn04
Originally posted by: Platypus
Originally posted by: Imdmn04
Unless you are in very high position within the company, I fail to see how they would spend huge amount of resources to decrypt SSL.
People paranoid in security tend to forget the most important factor in all of security: there is always a way, but at what cost?
Most people are not important enough to justify that cost. The human factor is the most important aspect of security, not technicality.
Like I said before, it depends on where you work and what sort of confidential information you have access to. You'd better believe they monitor a lot more than 'high ranking' people these days.
Everybody access Gmail, Hotmail or Yahoo at work. In a typical 10k person company, I fail to see how they have the resources to read everybody's email. They would have several dozen supercomputers to decrypt all that much traffic. Then, you would actually need people to read it.
No, there is no need for a supercomputer nor any person to read the emails.. scripts can easily be written to snag certain data which is then read by a human.
Educate yourself:
http://www.bluecoat.de/downloa...epapers/BCS_SSL_wp.pdf
The device looks like this:
http://www.bluecoat.com/downlo...SG_8100_shadow_med.jpg
This is just one example of this technology in play, there are certainly other vendors out there. These devices are not expensive or hard to implement.
Furthermore, like I said it totally depends on the company you work for. Do you think for example that Mastercard would filter an employee's gmail for credit card numbers? Yes.
People that make less than 10 dollars an hour have access to countless credit card numbers at any given time during the day, these are certainly not high ranking positions in a company, these are the first level people you get when you call any CC company.
Like I said before, this is just one small example, think of what other protected company data is out there. Don't think you're safe because you're using SSL, it's not realistic anymore.
I briefly skimmed over the whitepaper, I may have missed it, but it looks like a device that governs SSL sessions rather than decrypt them?
I can't find the part where it says the contents are decrypted?
:roll::roll::roll:
Now you're just being obtuse, where did I ever say 'decrypt SSL'? If you notice the first time I even mentioned it:
Originally posted by: Platypus
They certainly can and certainly do depending on the company you work for. I work for a large financial corporation so our emails are constantly scrutinized for example.
Bottom line, don't do stuff at work you wouldn't want your boss reading... but they're not filtering every message you send from webmail services for example. It's quite simple for them to get around SSL encryption used by Gmail or other webmail providers and they can and will do it. If you're an unpopular person within the company or you do something that gets you written up you better believe they'll be monitoring your email/web traffic to collect anything they might need to get rid of you.
It's one thing to be ignorant and educate yourself, it's another to continue to be arrogant when you have nothing to contribute to a conversation.
The OP asked whether IT can read his/her web emails, the answer is no, for all practical purposes.
Getting around SSL sessions is not what the OP asked for. So don't get your panties in a bunch because I actually gave a valid answer.