Hi Henrik.
> So your real question is if it is possible to determine with the help of
> Squid if this employee is uploading confidential information to a third
> party web site.
No ! My REAL (and original) question is if it is possible to grab user and
password from an url.
Sorry, but I heat when one change my question because "I'm sure you intend
this question and not the original one you made".
I am a consultant, my customer wanna know user and password for the virtual
hard drive and I have to give it him. Stop.
We already know the employee is uploading confidential information to the
internet.
> >From the Squid logs you can easily tell what web sites the user is
> visiting, and how often.
Already done! This is the way I discovered the abnormal traffic.
> If you think this is being done and is done in good faith then the best
> action is to simply ask the employee if he is doing this or if he is aware
> what the implications of doing so would be.
Not technical and/or squid matters. I'm not payed for asking employees, I'm
payed for discover the password.
> Generally speaking, if the web site is https based then all you can see is
> the amount of traffic going in both directions, but if it is http based
> then everything can be seen (just dump the network traffic and analyze
> it). This is not directly related to Squid but any Internet usage.
Already done! HTTPS. Traffic confirm our suspect. We need user/password,
remember ? :-)
> In an ethical point of view stealing the users personal login details to
> this third party web site by analyzing his traffic is very dubious in my
> view, and probably illegal in many countries.
My customer knows all. He pays me for technical things and he will pay
lawers for them things.
>You surely should be able to
> make up better approaches in proving/disproving the claims of
> Internet connection abuse.
Already done with a HW keylogger (fantastic toy !).
Sorry again If i was acid in this mail.
Bye from Italy and Happy 2005 !!!
LM
Received on Fri Jan 07 2005 - 04:51:09 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST