Blue Coat decrypting SSL Traffic??

Discussion in 'privacy problems' started by arran, Oct 13, 2008.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Feb 5, 2008

    I have been reading a few sites around the internet about Blue Coat being able to decrypt SSL, the same protocol as online banking.

    Wouldn't this be a huge security risk for online banking??

    Also, can someone tell me if there is much difference between SSL and SSH?

    Can Blue Coat also decrypt SSH used for secure tunneling to proxy servers??
  2. markoman

    markoman Registered Member

    Aug 28, 2008
    I am not familiar with Blue Coat, but reading the article you provided, I see that they are selling a proxy able to prevent encrypted traffic going through a corporate network. Since it is impossible (to my knowledge) to freely decrypt internet traffic on SSL, I imagine that such proxies will act as a Man-In-The-Middle. In other words, they will establish a secure connection between a client (you) and themselves (the proxy); in the proxy, the data will be decrypted and analyzed; the proxy will then establish a secure connection with the destination server (the server you were trying to reach) and complete the transaction. As a user, you will notice this is happening when your browser warns you about an invalid certificate being used by the server you are connecting to.
    I hope I have explained myself. Anyways, for a better explanation, just search Wikipedia for "Man in the middle attack", and consider the Blue Coat Proxy as the attacker.
  3. Think-eDesign

    Think-eDesign Registered Member

    Mar 26, 2006
    Logan City
    Blue Coat are the owners/developers of the free K9 Web Protection (Internet content filter) which is a world class product.
  4. jrmhng

    jrmhng Registered Member

    Nov 4, 2007
    I presume that they will do the following:

    1) Put a new trusted signing authority into the web browser of the corporate computers
    2) This will allow them to decrypt the SSL tunnel at the corporate gateway
    3) They scan the traffic
    4) Re-encrypt and create a tunnel from gateway to the webserver

    Not too hard in the corporate environment because they will have access to your computer to complete step 1 and have control over routing in the corporate network. Step 1 is not absolutely necessary. However, if it is not completed, your browser will complain that the signing authority is not on the list.

    Key takeaway: SSL is not broken. SSL decryption by the gateway is only possible when they have access to your computer and can route your traffic.
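
The two outcomes described in this thread (a certificate warning when the gateway's signing authority is not installed, and a silent re-signed connection when it is) can be told apart from the client by checking who issued the certificate it receives. The following is an added example, not part of the original thread; the host name, CA names and sample certificates are constructed, and the set of expected issuers is assumed to have been recorded earlier on a network you trust.

```python
import socket
import ssl

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
DIRECT = {"subject": ((("commonName", "bank.example"),),),
          "issuer": ((("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA G2"),))}
PROXIED = {"subject": ((("commonName", "bank.example"),),),
           "issuer": ((("organizationName", "Example Corp"),),
                      (("commonName", "Example Corp Web Gateway CA"),))}

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Handshake using the local trust store and return the leaf certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_field(rdns, key):
    """Pull one attribute out of getpeercert()'s nested name tuples."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def check_issuer(cert, expected_issuer_orgs):
    """Compare the issuer organisation with the ones recorded on a trusted network."""
    issuer = cert.get("issuer", ())
    org = name_field(issuer, "organizationName") or name_field(issuer, "commonName")
    verdict = "expected" if org in expected_issuer_orgs else "unexpected-issuer"
    return (verdict, org)

def probe(host, expected_issuer_orgs):
    """Live check: an untrusted chain is the 'browser complains' case from the thread."""
    try:
        cert = fetch_peer_cert(host)
    except ssl.SSLCertVerificationError as exc:
        return ("untrusted-chain", exc.verify_message)
    return check_issuer(cert, expected_issuer_orgs)

if __name__ == "__main__":
    known = {"Example Public CA"}  # assumption: noted on a trusted network
    print(check_issuer(DIRECT, known))
    print(check_issuer(PROXIED, known))
```

An "unexpected-issuer" result with no handshake error is the case where the gateway's authority has already been added to the machine's trust store, so no warning is shown.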