[Pauldotcom] Can a sys admin see a gmail account
Abdul Qabiz
aqabiz at gmail.com
Wed Dec 16 13:39:10 UTC 2009
I think one can use tools like ettercap and really do MITM and
DNS spoofing. I believe this would only work on a switched network?
On 16/12/09 6:40 PM, Michael Douglas wrote:
> Perhaps I'm not aware of how google or modern web browsers handle
> things... but I thought an admin would be able to mount your C$ share
> (yes I know I can't assume everyone's running windows... but come on!)
> Once they have access to your HD, it's just a matter of reading the
> local cache.
>
> Here's an older BlackHat Briefings talk about this from 2003
> www.blackhat.com/presentations/bh-usa-03/bh-us-03-akin.pdf (yes it is a pdf)
>
> The techniques in the above link are far from perfect... sent mail
> isn't cached for instance... I need to try this out again. But I
> had... I mean Bob had -- Yeah Bob -- had lots of fun with this a while
> back.
>
> - Mick
>
>
>
> On Wed, Dec 16, 2009 at 1:49 AM, Joel Esler <eslerj at gmail.com> wrote:
>
>> Let's assume this. Is it possible? Yes. However, it'd be extremely
>> difficult and extremely unlikely. Theoretically, yes, they can see what you
>> are doing. But I'd bet not.
>> J
>>
>> On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz <aqabiz at gmail.com> wrote:
>>
>>> You are right, many admins don't have that much time. However, I learnt
>>> any user on the network can actually find out about your cookies; that can
>>> be a scary situation.
>>>
>>> I would not trust any network, except the one I control.
>>>
>>>
>>>
>>> On 16/12/09 12:23 AM, Michael Miller wrote:
>>>
>>>> I would have to agree. If I was an "EVIL BOFH" I would use
>>>> sidejacking to get into the user's session. One question I'm asking
>>>> myself right now is, how much time do the admins have to do this?
>>>> Unless it's sanctioned by management, they would be violating any
>>>> number of state & federal laws, and possibly company policy. If you
>>>> fear you are being investigated at work, don't use your work computer
>>>> for non-business related communications.
>>>>
>>>> -mmiller
>>>>
>>>> On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz <aqabiz at gmail.com> wrote:
>>>>
>>>>
>>>>> What I have learnt, if you are on switched network, one can play MITM
>>>>> attack or dns spoofing, to get the GX cookies.
>>>>>
>>>>> That's all you need, GX cookies. One can use GX cookies to login into
>>>>> your gmail account.
>>>>>
>>>>>
>>>>> On 15/12/09 2:00 AM, Shawn McGovern wrote:
>>>>>
>>>>> Ok so my question was posted in a forum and someone gave me an answer
>>>>> but didn't explain it and then the forum post was closed on me. So I
>>>>> will ask here for clarity and try not to kill me for this, I am trying
>>>>> to learn.
>>>>>
>>>>> So if someone uses a corporate network to check Gmail (using SSL).
>>>>> If they check to make sure that they have a secure connection -- once
>>>>> connected -- and then they check the certificate to see if the cert
>>>>> hierarchy has been tampered with. Everything looks fine. Are any admin
>>>>> or whomever able to see your emails? Forget about software on the
>>>>> computer you are using, only through the network monitoring.
>>>>>
>>>>> I was told in the forum that they could use a monitoring program like
>>>>> wireshark to view them. In the wireshark forum I read that you would
>>>>> need the private key to decrypt the messages and in the forum they said
>>>>> that a sys admin can get the private key? Is that information correct?
>>>>> And if so, how would they be able to get the private key?
>>>>>
>>>>>
>>>>> Thanks in advance
>>>>>
>>>>> _______________________________________________
>>>>> Pauldotcom mailing list
>>>>> Pauldotcom at mail.pauldotcom.com
>>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>> Main Web Site: http://pauldotcom.com
>>>>>
>>
>>
>> --
>> Joel Esler | 302-223-5974 | gtalk: jesler at sourcefire.com
>>
>
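Added example, not part of the thread or any poster's code: a cookie set without the `Secure` attribute is also attached to plain http:// requests, where anyone on the network path can read it, so this sketch audits Set-Cookie headers for cookies missing that attribute. The header values and the `mail.example.test` domain are constructed; the name `GX` is used only because the thread mentions it.

```python
# Added example: audit Set-Cookie headers for cookies a network observer could read.
from typing import Dict, List


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    # Only the first "=" separates name from value; the value may contain "=".
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flag attributes have no value.
        attrs[key.strip().lower()] = val.strip() or True
    return {
        "name": name.strip(),
        "value": value.strip().strip('"'),
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": attrs.get("samesite"),
    }


def exposed_on_plain_http(headers: List[str]) -> List[str]:
    """Names of cookies the browser will also attach to http:// requests."""
    return [c["name"] for c in map(parse_set_cookie, headers) if not c["secure"]]


# Constructed sample headers (not captured from any real service).
SAMPLE_HEADERS = [
    "GX=constructed-session-token; Path=/mail; Domain=mail.example.test",
    "SID=constructed-value; Path=/; Secure; HttpOnly; SameSite=Lax",
    "PREF=lang=en; Path=/; httponly",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        c = parse_set_cookie(h)
        risk = "HTTPS only" if c["secure"] else "sent in clear on http://"
        print(f'{c["name"]:5} secure={c["secure"]!s:5} '
              f'httponly={c["httponly"]!s:5} {risk}')
```
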