163 Comments
- 2gig, on 10/12/2007, -0/+102 Ironically, I can't read the article, because it's blocked by my work filter.
- cadavreexquis, on 10/12/2007, -8/+78 Some overzealous employers block legitimately useful tools and content. What good does it do me if I'm a web developer and can't get to my favourite developer resources and forums? Or what if I need to IM a colleague half-way across the world to help troubleshoot a problem?
- FKnight, on 10/12/2007, -60/+127 Someone might also want to do their ***** job when they're at work. It's not your computer.
- fascfoo, on 10/12/2007, -3/+60 Even if it's not specifically work related, it hurts morale when your workers can't blow off a little steam by reading a news article, or IM a friend to set up dinner plans or whatever. I would think that the employees I hire are competent and smart enough to be able to get the job done or I wouldn't have hired them in the first place.
I hate that hand holding attitude that people like you have.
- MegaSilver, on 10/12/2007, -2/+49 My work does not allow Firefox to access the internet either. So, all I did was rename the exe to 'iexplorer.exe' and ta-da!
- EBFoxbat, on 10/12/2007, -8/+45 Some of us have legitimate downtime to use at our discretion. I am a body here "just in case" from lunch until 4 EVERYDAY. Browsing the web is condoned by my superiors. So bite me.
That said, my work has blocked EVERY attempt I have made to tunnel through their firewall. I'll try this though, as it's well written.
- dumassdelux, on 10/12/2007, -2/+28 Read your organization's Internet/Network user policy first. You don't want to do something that can get your ass canned.
- masamunecyrus, on 10/12/2007, -1/+23 "Your organization's Internet use policy restricts access to this web page at this time.
Reason: The Websense category "Proxy Avoidance" is filtered."
- FyreGoddess, on 10/12/2007, -5/+27 HAHAHA!
My firewall at work blocked this site.
- cal3b, on 10/12/2007, -2/+19 What's to bet your work firewall has not blocked it here:
http://www.duggmirror.com/security/How_to_Bypass_Most_Firewall_Restrictions_and_Access_the_Internet_Privately_2/
- DoctaStooge, on 10/12/2007, -5/+20 yea, some employers are too protective. for example, where I work, some articles on network/computer security can't be accessed because the topic of the page is entitled "Hacking" which is filtered out by MIS. They also wouldn't allow Firefox, Netscape, or pretty much any browser but IE on computers until about this past January because the browsers had caused "network contention". some MIS groups just don't know technology enough to be regulating it for a company.
- freddo, on 10/12/2007, -2/+16 Someone might also want to check the anonymity section of http://fravia.com/
- purpleaspi, on 10/12/2007, -2/+16 hey, mine too...
Request denied by WatchGuard HTTP proxy.
Reason: one or more categories denied helper='WorkHours' details='Remote Proxies'
- joel2600, on 10/12/2007, -0/+12 wow, i remember reading this guy's stuff almost a decade ago... between fravia's site and miscellaneous text files, there were no better resources on the internet in those days (with regard to internet privacy and security)
- mwronski, on 10/12/2007, -5/+17 Ah.. The monthly bypass firewall using SSH story on DIGG. If you didn't digg it this month, just wait till next month when it comes around again.. If we are lucky, it will appear twice.
- fmaxwell, on 10/12/2007, -2/+14 FKnight wrote: "Someone might also want to do their ***** job when they're at work."
I've just come back from a five month long launch campaign during which I was away from my home, family, computers, boat, motorcycles, AV system, and every other personal possession I own. I think I've earned the right to screw off at work now and then.
FKnight wrote: "It's not your computer."
It's not their cell phone that I carry, but my work doesn't mind calling and messaging me on it. It's not their land-line, but they don't mind calling me on it when I'm at home. It's not their computer that's at my house, but they don't mind asking me to use it for doing their work.
I'm not complaining, but it's a two-way street. If they want to intrude on my time and make use of computers, telephony equipment, and services that I pay for, then there's nothing wrong with me occasionally screwing off while using their computer.
Now if you have a low-level, clock-punching job where you're never asked to work extra hours or receive work-related communications when not at the office, then, yes, you shouldn't be screwing off on your employer's time.
- jpaolini, on 10/12/2007, -0/+11 Very good collection of information...and just in time for school! :)
Seriously though, my school blocks anything and everything. Nasdaq.com - blocked. Yahoo Finance, News, etc - blocked. Any sort of external email - blocked. Any sort of forum (doesn't matter what it's for or who runs it) - blocked. I could probably think of dozens and dozens more websites that are blocked by our school's system...it's just not fair.
Oh, and Digg.com is unblocked (thanks to some student convincing) but they block the login page so we can't post comments or digg stories from there.
-_-
- mv36, on 10/12/2007, -2/+10 Site down, mirrored at
http://www.duggmirror.com/security/How_to_Bypass_Most_Firewall_Restrictions_and_Access_the_Internet_Privately_2/
- rworne, on 10/12/2007, -1/+8 I used to do this with a squid proxy I set up at home. Work uses Websense which already blocks public proxies, but could not detect proxies that were not on their "list."
It worked well for about a year then Websense added proxy avoidance to their tools. Now it doesn't work at all anymore :(
I'd try ssh tunneling, but since I work for a DoD contractor I don't think it's a smart idea to set up an encrypted tunnel and start passing data back and forth between home and work. It's just not healthy for a security clearance.
- EvilTesdall, on 10/12/2007, -5/+12 Does it hurt to be a fool? As an I.T. person I look through all of this and all your comments to see you all (all is an all encompassing word, I just mean desk jockeys really) greedy idiots. The Internet is bought by your employer, and you as its employees must obey what they say otherwise you don't get food, house, or happy beer drinking times! If I found out some fool was opening my network up to outside ad-ware, spy-ware, viruses, the works... I would surely lock them down tighter (with group policies and what not). I don't give a damn if this kills morale, I would rather have 2 good people instead of 1 great person (a.k.a. I would fire you) if they didn't give me viruses...or liabilities!
- TulsaMJ, on 10/12/2007, -1/+8
> This guide and fravia will never work on my corporate network. Not only do
> I only allow certain websites, but I also don't allow programs to be installed.
Wrongo! The only thing required inside your network is putty, and putty does not have to be installed. It can be brought in on a thumb drive, or maybe even on a CD-ROM or floppy. All the heavy installation has to be done on the individual's home network end. Once you discover the breach, of course, you can always block the IP of their cable modem or whatever.
- dschep, on 10/12/2007, -0/+7 Yes, because work places that filter your Internet access are going to give people accounts that allow them to install hamachi and its network interface.. come on, a sys admin would have to be retarded for hamachi to be able to work.
- krystianantoni, on 10/12/2007, -4/+10 good reading ;-)
- frank3000, on 10/12/2007, -1/+7 before going through all this pain in the ass, try using a simple web proxy. pwoxy.com has a list of current proxies, most of which get through school/work filters.
- BobbyOnions, on 10/12/2007, -5/+11 I know I'll get modded to oblivion but just take a minute and discard the "me me me" attitude.
It's not your computer. It's not your network. It's not you that cleans up the mess caused by *****. It's not your company-confidential data that gets leaked.
If you have a legitimate requirement to get to a site or use a facility, get your manager to justify it to IT. If there is a business need and the benefits outweigh the risks, it will get approved.
I turn off the default gateway setting at all my client installs and stick everything through squid and danted. After a few weeks we (the client and I) review the situation and policies are drawn up and the policies are incorporated into employment contracts.
So far, our observations are that NOTHING that is legitimately needed by a professional business user can't be put through a proxy. In other words, EVERYTHING that a professional user needs CAN be put through a proxy which enforces access controls. Similarly the use of attachments with email can be easily controlled.
It's mostly a matter of commitment from the business that determines how far they take it - and all of my clients love it. The bottom line is that the internal networks I manage no longer let nasties in and nothing confidential gets out.
Some professional business environments simply don't want employees having access to miscellaneous websites and services. If you don't like that, don't work there, it's that simple.
- DoctaStooge, on 10/12/2007, -1/+6 well, firefox could get through before, it just wasn't on the "approved software list" for the reason I mentioned before. the best part is that this list isn't posted publicly anywhere.
- jrbrewin, on 10/12/2007, -1/+5 i sure hope you're not storing personal medical records on your site - doesn't sound like the most secure IT setup going.
- inactive, on 10/12/2007, -0/+4
1) Circumvent firewall
2) Get caught
3) ????
4) Get fired.
- magik, on 10/12/2007, -0/+4 pwnt.
- Kale, on 10/12/2007, -0/+4 Here's my 2 cents.
I'll begin with the two premises upon which I base my view:
A) With anything in life, the proper system is one where the person who gets to make the final decision is the person who takes the blame if something goes wrong.
B) If a person really knows what they are doing, they are at less risk for downloading spyware/viruses than the unwashed masses that download those cutesy smiley face icons and cursors.
If the IT department is going to get blamed for viruses if people download them, then the IT department should be able to restrict access. For people that are net-savvy they could leave an SSH port open for people to tunnel net access, with a "don't ask don't tell" policy. Most non-computer-literate people will be dissuaded by a block when they fire up IE. Those who can figure out a workaround will most likely be less risk for the company.
- inactive, on 10/12/2007, -1/+4 This relies on a default allow rule at the firewall which is just silly.. I actually wrote a program a while back that does something similar to this but only for http traffic (it would be easy enough to make it do other protocols but http is easier as it is not as time sensitive as many things, IM software etc). Basically my program counted on there being access to email and nothing else (the environment I wrote it for was a bank... VERY restrictive). One little quirk about the network I wrote this for was that it provided external secure imap access to email. The reason this is important is that when you send an email, usually there is some delay as it is routed to the MX for the domain it's headed to. When you send an email to yourself arrival is all but instantaneous as all that needs to happen is a save to the correct mail spool.
So the program worked as follows. It was split into 2 pieces, a client and a server you could call them.. the client sits on your work computer and on one end acts as a http proxy. When it receives a request from the browser it encrypts it, encodes it into an email and sends it on the internal mailserver to itself. The server side runs on an outside system (say at home).. it maintains an imap connection with your work's mail server and when a new message comes in it checks the encoding to make sure it's not a real message (from your boss telling you to work). If the encoding matches it deletes the message then decodes and sends the http request out to the web server (say google.com). When it gets the response from google it encrypts and puts it back in an email which it sends to your work's smtp server. Back on the client side the proxy sees a new mail, checks to see if it's the response and decrypts it and sends it out the proxy end back to the browser.
This all sounds fairly complex but in fact it works quite seamlessly. One of the requirements was that it wasn't difficult to set up as I couldn't exactly go to the bank and set it up for this person but fortunately all you need to configure on the client side is set your browser to proxy through localhost and put your email address, password and mail server into the proxy config.. Anyway thought this was relevant, if anyone wants more detail just ask, I have code lying around somewhere I think.
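Added example, not part of the thread: from the mail administrator's side, the scheme described in the comment above shows up as a mailbox sending itself many messages in quick succession. The sketch below flags that pattern; the log format, the addresses, the window and the threshold are all constructed for illustration and are not taken from any particular mail server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format for this example; real MTA logs need their own parser.
LINE = re.compile(r"^(\S+) from=<([^>]*)> to=<([^>]*)> size=(\d+)$")

def self_mail_bursts(lines, window_s=60, threshold=5):
    """Return {address: peak count} for mailboxes that mailed themselves at
    least `threshold` times inside any `window_s`-second window.
    Assumes the lines are in chronological order."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # unparseable line: ignore rather than guess
        ts = datetime.fromisoformat(m.group(1))
        sender, rcpt = m.group(2).lower(), m.group(3).lower()
        if sender != rcpt:
            continue              # only self-addressed mail is of interest here
        q = recent[sender]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[sender] = max(peaks.get(sender, 0), len(q))
    return peaks

# Constructed sample: alice mails herself every 5 seconds, bob twice an hour
# apart (a normal "note to self"), carol writes to a colleague.
SAMPLE = [
    f"2007-10-12T09:00:{s:02d} from=<alice@bank.example> to=<alice@bank.example> size=48211"
    for s in range(0, 30, 5)
] + [
    "2007-10-12T09:05:00 from=<carol@bank.example> to=<dave@bank.example> size=1200",
    "2007-10-12T09:10:00 from=<bob@bank.example> to=<bob@bank.example> size=900",
    "2007-10-12T10:10:00 from=<bob@bank.example> to=<bob@bank.example> size=950",
]

if __name__ == "__main__":
    print(self_mail_bursts(SAMPLE))
```
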
- colforbin, on 10/12/2007, -1/+4 This doesn't do much good when your company blocks outgoing ssh traffic.
- DarkElf109, on 10/12/2007, -1/+4 @Agret:
Actually, for people that can't afford flash drives, web mail is the next best tool. And don't even mention floppies. 1.4 megs of unstable magnetic data is not good storage...
- god4twenty, on 10/12/2007, -0/+3 Someone should mirror this content for the poor folks that are being blocked from the site. Personally, I find the best way is to get a rootshell account somewhere that allows ssh connections on port 443, then even if you need to authenticate to your proxy putty will do that and all your traffic stays encrypted.
- S1mba, on 10/12/2007, -1/+4 Title should be read as:
"How to get fired from your job after traffic monitoring detects an inordinately large amount of encrypted traffic going over SSH ports on your system."
Apparently this guy never stopped to consider all the red flags this is going to send up if your company does any kind of logging of traffic and such.
- gohoos, on 10/12/2007, -1/+4 Another caveat:
Trying to browse something you shouldn't and getting blocked will most likely get you, at worst, a talking-to.
Tunneling around your corporate firewall to do it could get you fired.
Surf personal sites on your own time and network.
- mobilehavoc, on 10/12/2007, -0/+3 I know people have already posted this but I hope people who attempt this understand the gravity of the situation...
I work in Infrastructure at a large bank and have friends in IT Risk - getting caught trying to do something like this (successfully or not) and you'd be fired same day. Walked out of the building by a security guard. Worse, if you breached their firewall/proxies after they fired you they could follow with a lawsuit.
So ask yourselves, is not being able to wait to see your pr0n or blocked sites until you get home worth your job and possibly your money?
This applies to most large corporations but I'm assuming if they put the firewalls/proxies to block sites in the first place - they sure as hell don't want you circumventing them.
- kazolar, on 10/12/2007, -0/+2 FYI better idea, I don't like to expose my home PC by running openssh on it, so I got OpenWRT running on my router with dropbear SSH server on port 443. Putty works well with that from work -- Goes through the corporate proxy perfectly fine. I agree with Kale, I used to work in a company that filtered out nothing and everyone had admin rights on their PCs, as a programmer, I would be constantly fighting spyware on traders' machines to get our inhouse apps to work, trying to make IT guys' job easier when I had the time. I would always ask them though to lock things down tighter -- they eventually did, but not without some million dollar/year trader bitching and moaning that he couldn't get his favorite toolbar installed.
- directorblue, on 10/12/2007, -0/+2 Anyone that thinks proxying through SSL in the workplace is secure should read this:
http://directorblue.blogspot.com/2006/07/think-your-ssl-traffic-is-secure-if.html
coming soon to a workplace near you, i'm sure.
- ed.2112, on 10/12/2007, -1/+3 http://www.freshproxylist.org
- tomi, on 10/12/2007, -0/+2 swaxhog - They could probably easily filter out what's encrypted. And also, if it's a smaller company, it's obviously noticeable.
- athlonmj, on 10/12/2007, -1/+3 Excellent, NSFW now means ESFW = extremely safe for work
- elitexero, on 10/12/2007, -0/+2 A FIREWALL DOES NOT PREVENT YOU FROM SURFING RESTRICTED SITES. A **CONTENT FILTER** DOES!
How many times do I have to comment on digg stories claiming to get past a 'firewall'?
A firewall is a program that monitors all the incoming and outgoing connections and only allows certain ones.
- jessejoedotcom, on 10/12/2007, -0/+2 http://virtual-browser.com/
- TheyWillKillUs, on 10/12/2007, -1/+3 Holy crap Fravia still around! That brings back memories....
- lieb39, on 10/12/2007, -0/+2 I just use SSL Explorer on a computer at my home - uses the SSL port, and allows for remote port forwarding as well as heaps of other stuff. *Shameless plug*..
But honestly, great software!
- warpzone, on 10/12/2007, -0/+2 Try googling it and reading the site via the google cache. Easy work-around for minor text websites.
- andox, on 10/12/2007, -0/+2 I just set up SSL explorer on my home computer and haven't found a firewall that will block it yet. Mainly cause it uses 443.
- TriviallyTravis, on 10/12/2007, -0/+2 Dugg because if I'm not mistaken, this is a good tutorial on secure surfing from unsecured wireless access points.
- Luuvitonen, on 10/12/2007, -0/+2 Isn't it possible that the DNS queries for the dubious websites still go through the company network anyway?
SOCKS supports unresolved addresses too, but depending on the implementation of the client (the browser in this case) it's not guaranteed that the request goes through SOCKS if the computer is aware of a local name server.
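Added example, not part of the thread: the DNS question in the last comment can be checked by looking at the request a client actually hands to the SOCKS proxy. The parser below follows the SOCKS5 request layout from RFC 1928 and the SOCKS4/4a layout, and reports whether the request carries a hostname (the proxy resolves it) or an already-resolved IP address (any lookup happened on the client's side). The function name and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Parse a SOCKS4/4a/5 connect request and say who resolves the name."""
    if len(data) < 7:
        raise ValueError("truncated request")
    if data[0] == 5:                       # SOCKS5: VER CMD RSV ATYP ADDR PORT
        atyp = data[3]
        if atyp == 1:                      # IPv4 literal, resolved before the proxy saw it
            target, rest, remote = str(ipaddress.IPv4Address(data[4:8])), data[8:], False
        elif atyp == 4:                    # IPv6 literal
            target, rest, remote = str(ipaddress.IPv6Address(data[4:20])), data[20:], False
        elif atyp == 3:                    # length-prefixed domain name
            n = data[4]
            target, rest, remote = data[5:5 + n].decode("ascii"), data[5 + n:], True
        else:
            raise ValueError(f"unknown ATYP {atyp}")
        if len(rest) < 2:
            raise ValueError("truncated SOCKS5 request")
        return {"version": "SOCKS5", "target": target,
                "port": struct.unpack("!H", rest[:2])[0], "proxy_resolves": remote}
    if data[0] == 4:                       # SOCKS4: VN CD PORT IP USERID NUL [HOST NUL]
        port = struct.unpack("!H", data[2:4])[0]
        ip, fields = data[4:8], data[8:].split(b"\x00")
        # SOCKS4a marks "hostname follows" with an address of the form 0.0.0.x, x != 0
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            if len(fields) < 3:
                raise ValueError("SOCKS4a request without hostname")
            return {"version": "SOCKS4a", "target": fields[1].decode("ascii"),
                    "port": port, "proxy_resolves": True}
        return {"version": "SOCKS4", "target": str(ipaddress.IPv4Address(ip)),
                "port": port, "proxy_resolves": False}
    raise ValueError("not a SOCKS request")

# Constructed sample requests (documentation addresses and names only).
HOST = b"example.org"
S5_NAME = b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + struct.pack("!H", 80)
S5_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)
S4A_NAME = b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01" + b"user\x00" + HOST + b"\x00"
S4_IPV4 = b"\x04\x01" + struct.pack("!H", 80) + bytes([192, 0, 2, 10]) + b"user\x00"

if __name__ == "__main__":
    for name, req in [("S5_NAME", S5_NAME), ("S5_IPV4", S5_IPV4),
                      ("S4A_NAME", S4A_NAME), ("S4_IPV4", S4_IPV4)]:
        print(name, classify_socks_request(req))
```

A request with `proxy_resolves` set to False does not prove a local DNS query took place (the user may have typed an IP address), but a client that always produces such requests for named sites is resolving them through the local name server.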