What I have learnt, if you are on switched network, one can play MITM
attack or dns spoofing, to get the GX cookies.
That's all you need, GX cookies. One can use GX cookies to login into
your gmail account.
On 15/12/09 2:00 AM, Shawn McGovern wrote:
Ok so my question was posted in a forum and someone gave me and answer
but didnt explain it and then the forum post was when closed on me.
So I will ask here for clarity and try not to kill me for this, I am
trying to learn.
So if someone uses a corporate network to check a Gmail (using SSL).
If they check to make sure that they have a secure connection -- once
connected -- and then they check the certificate to see if the cert
hierarchy has been tampered with. Everything looks fine. Are any
admin or whomever able to see you emails? Forget about software on
the computer you are using, only through the network monitoring.
I was told in the forum that they could use a monitoring program like
wireshark to view them. In the wireshark forum I read that you would
need the private key to decrypt the messages and in the forum they
said that a sys admin can get the private key? Is that information
correct? and if so how would they be able to get the private key?
Thanks in advance
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
