5
2
My ISP uses a software that replaces site certificates with it own certificate so secure pages are always untrusted. Is there any solution for this? Is it safe to proceed with the resulting sites (including gmail)?
mmonem
Posted 2010-08-17T03:01:07.483
Reputation: 1 315
7
No, proceeding is not safe; your ISP is performing a man-in-the-middle attack on your encrypted traffic, and can therefore read all traffic if they choose so.
Is there any solution for this
Yes: Get a new ISP.
As a side note:
I am very surprised; I have never heard of an ISP doing this, and I would not even consider such a company a proper ISP (since they don't provide the service of an ISP, which is sending and receiving the data that you send or want to receive).
What ISP is this? I can't imagine any regular ISP doing this.
sleske
Posted 2010-08-17T03:01:07.483
Reputation: 19 887
3I'm shocked as well, that's an incredible security vulnerability. I would contact your ISP immediately. It could be someone in between you and the site pretending to be your ISP. – Josh K – 2010-08-17T03:18:28.203
So, aren't there any workaround for this? e.g. saving the good site certificate to a file and force using them ...etc? – mmonem – 2010-08-17T03:28:34.070
5Unfortunately, no. You might be able to find some loophole where they don't filter all of the traffic, or you might be able to set up some sort of VPN to provide a path outside of the network (which is just another kind of loophole), but if they're at all clever and serious about this behavior the answer is no. – Slartibartfast – 2010-08-17T04:48:15.033
5The name! What's the name man! The name of the ISP?! – chiggsy – 2010-11-03T05:16:48.173