SquareLemon Blog



no we dont

I just got a festive present from my ISP, Rogers. Following my recent talks regarding ISP packet injection/interception and data collection I wrote to the privacy officer at Rogers and asked, under PIPEDA, that I be supplied all information regarding my account, including any information that they have gathered such as URLs of sites visited, etc. I got a fairly standard response which said that they did not collect any such data, to which I replied: Hi, I recently sent a letter to you asking for details of data that Rogers hold on me as required by PIPEDA. [Read More]


bsides toronto video and slides

At the end of November I gave my talk, “Corporation In The Middle [BSidesTO Edition]” at BSides Toronto 2014. The recording of the talk is now online and available here: You can play along at home with the slides, here: Corporation In The Middle - BSidesTO Edition from Lee Brotherston [Read More]


corporation in the middle blog edition

I recently gave a talk entitled Corporation In The Middle. This post is a summary for the benefit of people who don’t want to listen to the recording or try to make sense of my slides without the commentary. Background Towards the end of 2013 I noticed that my ISP was inserting banners into webpages to notify me when I consumed 75% or more of my monthly bandwidth allowance. Nothing suspicious you may think, it is after all a perfectly reasonable message to relay. [Read More]


corporation in the middle

A few days ago I presented my talk, “Corporation In The Middle” at SecTor 2014. I will be presenting an updated and truncated version of the talk at BSides Toronto in November of this year. If you are interested in seeing the talk you can do so here: If so inclined, you can also get the slides here. The original blurb was: My ISP deliberately MiTM’d my connection. This talk discusses how they did it, how I detected what they did and what this means. [Read More]


is your eula lowering your application security

A couple of days ago I tweeted this: I'm pretty sure when your EULA prohibits reverse engineering your software, all you prevent is people telling you that they reversed it. — leE Brotherston (@leEb_public) July 15, 2014 Quite a lot of people agreed (at the time of writing it has 40 retweets and 19 favourites, which is quite a lot for me), so I thought that I would expand and explain this in a little more detail. [Read More]


sector 2014

I was meant to start this blog with a post about my ISP, about how they had man in the middle’d my connection and how I had been working out the details of why they had been doing this, how they achieved it and how I uncovered what they had been up to. Since I started writing that post the topic has grown somewhat and now I have been confirmed as a speaker at SecTor 2014 in Toronto. [Read More]


← Newer Posts