SquareLemon Blog



citm snort rules

Last year I gave my Corporation In The Middle talk in which I explained how my ISP has been man-in-the-middle’ing my connection to inject a warning banner into the top of webpages I visited (talk content here and here). Part of this involved traffic analysis to discover artifacts of the injection process. In an effort to make this process more automated, repeatable and accessible I have put together a few snort rules to allow others to alert on this condition: [Read More]


mitm at 30,000 feet

In the past week I have seen a few mentions on twitter regarding Gogo Air presenting fake SSL certs for YouTube to users of their in air Internet access service: hey @Gogo, why are you issuing *.google.com certificates on your planes? pic.twitter.com/UmpIQ2pDaU — Adrienne Porter Felt (@apf) January 2, 2015 No, not OK. @Gogo please justify breaking the Internet for your paying users. Huge privacy connotations! pic.twitter.com/AxZOPEK0oO — Ben Hughes (@benjammingh) January 4, 2015 [Read More]


no we dont

I just got a festive present from my ISP, Rogers. Following my recent talks regarding ISP packet injection/interception and data collection I wrote to the privacy officer at Rogers and asked, under PIPEDA, that I be supplied all information regarding my account, including any information that they have gathered such as URLs of sites visited, etc. I got a fairly standard response which said that they did not collect any such data, to which I replied: Hi, [Read More]


bsides toronto video and slides

At the end of November I gave my talk, “Corporation In The Middle [BSidesTO Edition]” at BSides Toronto 2014. The recording of the talk is now online and available here: You can play along at home with the slides, here: Corporation In The Middle - BSidesTO Edition from Lee Brotherston [Read More]


corporation in the middle blog edition

I recently gave a talk entitled Corporation In The Middle. This post is a summary for the benefit of people who don’t want to listen to the recording or try to make sense of my slides without the commentary. Background Towards the end of 2013 I noticed that my ISP was inserting banners into webpages to notify me when I consumed 75% or more of my monthly bandwidth allowance. Nothing suspicious you may think, it is after all a perfectly reasonable message to relay. [Read More]


corporation in the middle

A few days ago I presented my talk, “Corporation In The Middle” at SecTor 2014. I will be presenting an updated and truncated version of the talk at BSides Toronto in November of this year. If you are interested in seeing the talk you can do so here: If so inclined, you can also get the slides here. The original blurb was: My ISP deliberately MiTM’d my connection. This talk discusses how they did it, how I detected what they did and what this means. [Read More]


is your eula lowering your application security

A couple of days ago I tweeted this: I'm pretty sure when your EULA prohibits reverse engineering your software, all you prevent is people telling you that they reversed it. — leE Brotherston (@leEb_public) July 15, 2014 Quite a lot of people agreed (at the time of writing it has 40 retweets and 19 favourites, which is quite a lot for me), so I thought that I would expand and explain this in a little more detail. [Read More]


sector 2014

I was meant to start this blog with a post about my ISP, about how they had man in the middle’d my connection and how I had been working out the details of why they had been doing this, how they achieved it and how I uncovered what they had been up to. Since I started writing that post the topic has grown somewhat and now I have been confirmed as a speaker at SecTor 2014 in Toronto. [Read More]


← Newer Posts