[Pauldotcom] Can a sys admin see a gmail account
Joel Esler
eslerj at gmail.com
Wed Dec 16 06:49:24 UTC 2009
Let's assume this. Is it possible? Yes. However, it'd be extremely
difficult and extremely unlikely. Theoretically, yes, they can see what you
are doing. But I'd bet not.
J
On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz <aqabiz at gmail.com> wrote:
> You are right, many admins don't have that much time. However, I learnt,
> any user on network can actually find out about your cookies, that can
> be scary situation.
>
> I would not trust any network, except the one I control.
>
>
>
> On 16/12/09 12:23 AM, Michael Miller wrote:
> > I would have to agree. If I was a "EVIL BOFH" I would use
> > slidejacking to get into the users session. One question I'm asking
> > my self right now is, How much time do the admins have to do this?
> > Unless it's sanctioned by management. They would be violating any
> > number of state& federal laws, and possibly company policy. If you
> > fear you are being investigated at work. Don't use your work computer
> > for non-business related communications.
> >
> > -mmiller
> >
> > On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<aqabiz at gmail.com> wrote:
> >
> >> What I have learnt, if you are on switched network, one can play MITM
> attack
> >> or dns spoofing, to get the GX cookies.
> >>
> >> That's all you need, GX cookies. One can use GX cookies to login into
> your
> >> gmail account.
> >>
> >>
> >> On 15/12/09 2:00 AM, Shawn McGovern wrote:
> >>
> >> Ok so my question was posted in a forum and someone gave me and answer
> but
> >> didnt explain it and then the forum post was when closed on me. So I
> will
> >> ask here for clarity and try not to kill me for this, I am trying to
> learn.
> >>
> >> So if someone uses a corporate network to check a Gmail (using SSL). If
> >> they check to make sure that they have a secure connection -- once
> connected
> >> -- and then they check the certificate to see if the cert hierarchy has
> been
> >> tampered with. Everything looks fine. Are any admin or whomever able
> to
> >> see you emails? Forget about software on the computer you are using,
> only
> >> through the network monitoring.
> >>
> >> I was told in the forum that they could use a monitoring program like
> >> wireshark to view them. In the wireshark forum I read that you would
> need
> >> the private key to decrypt the messages and in the forum they said that
> a
> >> sys admin can get the private key? Is that information correct? and if
> so
> >> how would they be able to get the private key?
> >>
> >>
> >> Thanks in advance
> >>
> >> _______________________________________________
> >> Pauldotcom mailing list
> >> Pauldotcom at mail.pauldotcom.com
> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> Main Web Site: http://pauldotcom.com
> >>
> >> _______________________________________________
> >> Pauldotcom mailing list
> >> Pauldotcom at mail.pauldotcom.com
> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> Main Web Site: http://pauldotcom.com
> >>
> >>
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
--
Joel Esler | 302-223-5974 | gtalk: jesler at sourcefire.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091216/ea8b6b31/attachment.htm
More information about the Pauldotcom
mailing list