[Pauldotcom] Can a sys admin see a gmail account
bhoff at itworldclass.com
bhoff at itworldclass.com
Wed Dec 16 04:05:33 UTC 2009
A sys admin doing anykind of email sniffing on a thirdparty mail system is going to find themselves in all kind of legal trouble.
Brett Hoff
Senior IT Security Engineer Antler,Inc.
Sec+,Linux+,RHCT,GCFA
-----Original Message-----
From: Abdul Qabiz <aqabiz at gmail.com>
Date: Wed, 16 Dec 2009 07:25:29
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] Can a sys admin see a gmail account
You are right, many admins don't have that much time. However, I learnt,
any user on network can actually find out about your cookies, that can
be scary situation.
I would not trust any network, except the one I control.
On 16/12/09 12:23 AM, Michael Miller wrote:
> I would have to agree. If I was a "EVIL BOFH" I would use
> slidejacking to get into the users session. One question I'm asking
> my self right now is, How much time do the admins have to do this?
> Unless it's sanctioned by management. They would be violating any
> number of state& federal laws, and possibly company policy. If you
> fear you are being investigated at work. Don't use your work computer
> for non-business related communications.
>
> -mmiller
>
> On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<aqabiz at gmail.com> wrote:
>
>> What I have learnt, if you are on switched network, one can play MITM attack
>> or dns spoofing, to get the GX cookies.
>>
>> That's all you need, GX cookies. One can use GX cookies to login into your
>> gmail account.
>>
>>
>> On 15/12/09 2:00 AM, Shawn McGovern wrote:
>>
>> Ok so my question was posted in a forum and someone gave me and answer but
>> didnt explain it and then the forum post was when closed on me. So I will
>> ask here for clarity and try not to kill me for this, I am trying to learn.
>>
>> So if someone uses a corporate network to check a Gmail (using SSL). If
>> they check to make sure that they have a secure connection -- once connected
>> -- and then they check the certificate to see if the cert hierarchy has been
>> tampered with. Everything looks fine. Are any admin or whomever able to
>> see you emails? Forget about software on the computer you are using, only
>> through the network monitoring.
>>
>> I was told in the forum that they could use a monitoring program like
>> wireshark to view them. In the wireshark forum I read that you would need
>> the private key to decrypt the messages and in the forum they said that a
>> sys admin can get the private key? Is that information correct? and if so
>> how would they be able to get the private key?
>>
>>
>> Thanks in advance
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
More information about the Pauldotcom
mailing list