
BLU Discuss list archive



Suggestion for a meeting topic



I agree on this as a meeting topic! Of course, I suspect Mr. Horne is
between the proverbial rock and hard place since his workstation should
be considered compromised even with the addition of his choice of
software. However, can one use a PDA and then upload or download
pre-encrypted traffic for decryption off the work systems? I see this as
the only truly secure mode (except using a cell phone modem and your
very own computer) since it is not difficult to monitor keyboard input
(or other i/o) and once the passwords are captured the jig is up! But
I'd love to hear of a safe alternative.

Bill Horne wrote:

> On Thursday, May 04, 2000 4:51 PM, Mike Bilow
> [SMTP:mikebw at colossus.bilow.com] wrote:
> > This is too trivial for a meeting.  You start sshd on the home
> > machine, using a high-number port, specified with the "-p" switch.
> > That would allow you to log in from work by specifying the correct
> > port with the "-p" switch on the ssh client.  When you start the
> > client, you can also ask it to map some local port through the ssh
> > tunnel with the "-L" switch.  Then you point your mail client at
> > that port on your local machine.  This can be more involved in
> > general, not for POP.
> >
> > A possibly simple solution is to run SSLproxy on the machine
> > where the POP server lives, and then to use a mail client which
> > supports SSLPOP.  This should work if the SSLPOP port (995?) is not
> > blocked.
> >
> > If the firewall is very restrictive, you will need something
> > more than ssh, such as httptunnel.
> >
> > -- Mike
>
> Mike,
>
> I'm sorry:  I didn't define the issue clearly enough.  Let's
> start again.
>
> 1.  I CANNOT change my work machine.  I can't add software to
> it.  I can't use Linux.   It's a W95 box, with Netscape, Lotus
> Notes (the ONLY authorized email client in the organization),
> and Office 97.
>
> 2.  The firewall chokes everything but http, and ALL of that is
> monitored and logged.
>
> 3.  The task is to make the Netscape browser on my work PC, in
> secure mode, act as a virtual terminal on my home PC.
>
>   A.  I want to start the browser, access my own URL through the
> firewall, see the little padlock close, and then use that pipe
> to go where I really want - for example,
>
>      1. A help wanted ad from a competitor
>      2. The popmail server on banet.net.
>
>   B.  I need all caches cleared when I log off.
>
> As anyone who has seen the dreaded "Netscape does not trust the
> certificate issued by..." message will attest, creating a secure
> connection using a browser is not easy, and I'm sure the topic
> of how to keep the thought police out of your data stream is
> worth at LEAST an entire meeting:  aside from the technical
> issue (which is tough enough) perhaps we could get someone to
> talk about the current legal status of corporate email, the
> implications of using a company's computer to access the net,
> etc.
>
> Bill
>
> >
> >
> > On 2000-05-04 at 09:27 -0400, Bill Horne wrote:
> >
> > > I just thought of a meeting topic:  I'd like to know how to use
> > > SSH (or anything else) to get past my boss' firewall/caching
> > > proxy and allow me to collect pop mail, etc.  Currently, all
> > > calls to port 110 are trapped.
> > >
> > > How about a meeting on how to set up a virtual terminal server,
> > > that will allow Secure Socket Layer connections to a home
> > > machine from any browser?
> >
> >
> > -
> > Subscription/unsubscription/info requests: send e-mail with
> > "subscribe", "unsubscribe", or "info" on the first line of the
> > message body to discuss-request at blu.org (Subject line is
> > ignored).




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org