[Pauldotcom] Can a sys admin see a gmail account
Michael Douglas
mick at pauldotcom.com
Wed Dec 16 13:10:03 UTC 2009
Perhaps I'm not aware of how Google or modern web browsers handle
things... but I thought an admin would be able to mount your C$ share
(yes I know I can't assume everyone's running windows... but come on!)
Once they have access to your HD, it's just a matter of reading the
local cache.
Here's an older BlackHat Briefings talk about this from 2003
www.blackhat.com/presentations/bh-usa-03/bh-us-03-akin.pdf (yes it is a pdf)
The techniques in the above link are far from perfect... sent mail
isn't cached for instance... I need to try this out again. But I
had... I mean Bob had -- Yeah Bob -- had lots of fun with this a while
back.
- Mick
On Wed, Dec 16, 2009 at 1:49 AM, Joel Esler <eslerj at gmail.com> wrote:
> Let's assume this. Is it possible? Yes. However, it'd be extremely
> difficult and extremely unlikely. Theoretically, yes, they can see what you
> are doing. But I'd bet not.
> J
>
> On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz <aqabiz at gmail.com> wrote:
>>
>> You are right, many admins don't have that much time. However, I learnt that
>> any user on the network can actually find out about your cookies; that can
>> be a scary situation.
>>
>> I would not trust any network, except the one I control.
>>
>>
>>
>> On 16/12/09 12:23 AM, Michael Miller wrote:
>> > I would have to agree. If I was an "EVIL BOFH" I would use
>> > sidejacking to get into the user's session. One question I'm asking
>> > myself right now is, how much time do the admins have to do this?
>> > Unless it's sanctioned by management. They would be violating any
>> > number of state & federal laws, and possibly company policy. If you
>> > fear you are being investigated at work, don't use your work computer
>> > for non-business related communications.
>> >
>> > -mmiller
>> >
>> > On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz <aqabiz at gmail.com> wrote:
>> >
>> >> What I have learnt: if you are on a switched network, one can play a MITM
>> >> attack or DNS spoofing to get the GX cookies.
>> >>
>> >> That's all you need, GX cookies. One can use GX cookies to log in to
>> >> your Gmail account.
>> >>
>> >>
>> >> On 15/12/09 2:00 AM, Shawn McGovern wrote:
>> >>
>> >> Ok so my question was posted in a forum and someone gave me an answer
>> >> but didn't explain it and then the forum post was then closed on me.
>> >> So I will ask here for clarity and try not to kill me for this, I am
>> >> trying to learn.
>> >>
>> >> So if someone uses a corporate network to check a Gmail (using SSL).
>> >> If they check to make sure that they have a secure connection -- once
>> >> connected -- and then they check the certificate to see if the cert
>> >> hierarchy has been tampered with. Everything looks fine. Are any admin
>> >> or whomever able to see your emails? Forget about software on the
>> >> computer you are using, only through the network monitoring.
>> >>
>> >> I was told in the forum that they could use a monitoring program like
>> >> Wireshark to view them. In the Wireshark forum I read that you would
>> >> need the private key to decrypt the messages, and in the forum they
>> >> said that a sys admin can get the private key? Is that information
>> >> correct? And if so, how would they be able to get the private key?
>> >>
>> >>
>> >> Thanks in advance
>> >>
>> >> _______________________________________________
>> >> Pauldotcom mailing list
>> >> Pauldotcom at mail.pauldotcom.com
>> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> >> Main Web Site: http://pauldotcom.com
>> >>
>> >
>>
>
>
>
> --
> Joel Esler | 302-223-5974 | gtalk: jesler at sourcefire.com
>
>