Stealth Browsing at Work

To Avoid Being Caught by the IT Department

who track what goes through the corporate firewall, consider www.orangatango.com.

Y connect with a virtual browser through SSL , they fetch the sites for you and as it is an SSL session the only connection monitored by the firewall is to orangatango. The pages, if they tried to view them, are encrypted.

Cost money though, gone are the days of free anonymous surfing like SafeWeb or Anonymizer

Huh?

Those of us with liberal arts degrees would appreciate a translation into plain English. By the way, how in the hell would you say that mouthful in Spanish.

OK, Simpler

KenoshaChris said:

Those of us with liberal arts degrees would appreciate a translation into plain English. By the way, how in the hell would you say that mouthful in Spanish.

Click to expand...

If you use the ghost browser the company you work for can read and monitor all the sites you visit as the sites go through a firewall first and it can track all the www. this and that you ask for.

Use orangatango (OT) first you are set up with an encrypted session with only them (OT), like for example a session of internet banking with your bank.

So the company firewall sees you connected only to them (OT) all the time.

When you type in the OT "virtual browser" on your screen www. this or that, they (OT) get it for you and show you your pages reqeusted and only on your screen.

All the while the firewall sees this encrypted session between you and orangotango and nothing else.

They cannot know where you surf, nor see what you surf even if they (company) tried to view the pages as they arrive. Only can your browser on your PC see them.

There you go, actual private browsing for you.

True stealth browsing ...

Orangatango keeps the IT guys from seeing your trail of surfing in their server audit, but most likely you are on the company LAN and they can still see your trail because it resides on your PC itself. They probably periodically audit your PC for unauthorized software, etc. and they have access to every picture, every word, every site you've had up on your screen, ... in your temporary internet file folders and cache, not to mention cookies, etc.

Then there's the E-mail trail, even if you use Hotmail or Outlook.

The only way I know of to be completely stealth is via tunneling and using a proprietary browser plugin for viewing so it doesn't end up in your temp folders and such. Read on...

So, if you've got broadband like CABLE or DSL at home, you can browse at work by tunneling through your home computer from work via the Internet. Nothing ends up on your PC at work. Nada. Not a trace of where you have been, what pictures you've seen, what text was displayed, ...

You connect to your computer at home, and then browse as though you were sitting in front of your computer at home, using it's internet link. All that goes between your work PC and your Home PC is data only understandable by the plugin to draw a copy of your HOME PC screen and mouse movements, keyboard activity, etc.

Click below:
<a href="http://www.qksrv.net/click-1128396-5474535" target="_top" >
<img src="http://www.qksrv.net/image-1128396-5474535" width="125" height="125" alt="GoToMyPC - Access Your PC From Anywhere" border="0"></a>

Re: True stealth browsing ...

Jim Hinsch said:

Orangatango keeps the IT guys from seeing your trail of surfing in their server audit, but most likely you are on the company LAN and they can still see your trail because it resides on your PC itself. They probably periodically audit your PC for unauthorized software, etc. and they have access to every picture, every word, every site you've had up on your screen, ... in your temporary internet file folders and cache, not to mention cookies, etc.

Interesting you say that - I actually spoke to them and the pages you surf are not in the internet cache but in a virtual cache at orangatango. It is an SSL session with OT (you to them) and the exam of your PC reveals no more than if you did internet banking and they could then read those pages.

Cookies are on their server too. As they all work at any other PC in an OT session. Lose the SSL handshake/crypto token and nothing to read.

The OT browser is not software you install anywhere - it opens in your IE browser as a java/javascript application. You can log into OT from any internet machine in the world and your bookmarks , history etc. are all where you are. That is the sweet thing about it - other than blocking OT itself ( like they use to do with SafeWeb when they existed) - you are in a box.

All in all pretty cool application.

Click to expand...

They are not telling the truth

They are not telling the truth then. I have an Orangatango account. Try it yourself and you'll see. I did.

To prove that the stuff DOES end up on your PC:

Go visit a site that has a photo you know.
Use the FIND feature off the START button and locate all files modified within the last date. Sort by last modified. You'll see the recognizable JPG files right there on your PC, usually in c:\windows\temporary internet files.

SSL is simply a way to keep the communications encrypted via a key exchange. Once it arrives at your browser, it is unencrypted though, and the browser will cache the contents.

Tunneling via non-standard communications (SSL at the browser end, converts the encrypted data to HTML so the browser can display the contents) is the only way I know.

Yes, when you do Internet banking, the stuff also ends up on your PC, even when using SSL.

even if you use a personal laptop at work and operate through Orangatango the quantity of information being passed back and forth is still measurable

Huh?

Huh??

You can only escape server audits by using a dial up account or otherwise accessing the internet without using your employer's firewalls and proxy servers. Even if you do that, there a companies that use keystroke capture software. The safest play is to assume all online activity is monitored. I have to end this post now, I just received a complaint e-mail from the I/T department about my surfing at DR1.com

Data going back and forth isn't relavent. There will always be data going back and forth, as that is the intent. The fact that the data is encrypted is relavent, because it can't be read.

SSL has the data encrypted from the time it leaves the browser until the time it arrives at the destination. Ditto for the return trip. This eliminates the record in the employer's server and router logs.

A dailup from a laptop doesn't use the employer's equipment at all, but that's assuming you have a line. Most corporations have digital lines so you'd have to convert to analog using a product like the Connex, or user the handset input jack and be limited to 9600 bps. A cellular would be both slow and expensive and tying up an empoyer phone line would draw even more attention. Besides being slow, this would be a last alternative.

SSL gets decrypted upon arrival back at the user's browser. That's why it ends up on the user's PC. Yep, that includes passwords and banking information.

Orangatango uses a propriatary browswer plugin so for paid accounts, it is possible they offer an option to keep stuff off the PC the user is surfing from.

Orangatango is being used as passthrough so the employer's server and router logs will just show access to Oragantango's site. Howerver I did test it (free account) and it rained all kinds of stuff on my disk, including photos and the site visited.

The link in my earlier reply creates a proprietary link between the computer where the typing is taking place, and another computer, like the user's home computer connected to a broadband link like Cable or DSL. It does not have to be a static link (assigned IP address). The only info collected on the employer's PC, Server, and Router Log is binary gibberish from the graphics info being passed back and forth, and of course, the site used for the tunneling, but only for the initial connect.

The issue isn't whether or not you leave a trail, as you always will. The issue is whether the trail contains readable data on the employer's hardware, or better said, "can the boss tell what you've been doing".

Huh??

Huh???

For the layman:

SSL is the method your browser uses to keep everything scrambled. It goes into this mode whenever the site starts with "https" instead of "http", such as personal banking sites or sites where you enter your credit card number. It keeps people from getting data you enter, anywhere along the trip to the web site you are connecting to.

Digital lines. Don't steal the phone from work. It probably won't work at home. Your laptop can't dial out on the line at work either.

Orangatango. A site you can go to so provide somewhat "secret" surfing when at a work on your employer provided PC.

Below is a link to a web page. Sign up and you can go to their web page from any computer. Once there, just select your computer at home and connect. From then on, it's just like you were sitting at home in front of your home computer. Hence, the boss can't see what you've been up to because you are surfing from home. <a href="http://www.qksrv.net/click-1128396-5474535" target="_top" >
<br />
<img src="http://www.qksrv.net/image-1128396-5474535" width="125" height="125" alt="GoToMyPC - Access Your PC From Anywhere" border="0"></a>