A sys admin doing anykind of email sniffing on a thirdparty mail system is going to find themselves in all kind of legal trouble. Brett Hoff Senior IT Security Engineer Antler,Inc. Sec+,Linux+,RHCT,GCFA
-----Original Message----- From: Abdul Qabiz <[email protected]> Date: Wed, 16 Dec 2009 07:25:29 To: PaulDotCom Security Weekly Mailing List<[email protected]> Subject: Re: [Pauldotcom] Can a sys admin see a gmail account You are right, many admins don't have that much time. However, I learnt, any user on network can actually find out about your cookies, that can be scary situation. I would not trust any network, except the one I control. On 16/12/09 12:23 AM, Michael Miller wrote: > I would have to agree. If I was a "EVIL BOFH" I would use > slidejacking to get into the users session. One question I'm asking > my self right now is, How much time do the admins have to do this? > Unless it's sanctioned by management. They would be violating any > number of state& federal laws, and possibly company policy. If you > fear you are being investigated at work. Don't use your work computer > for non-business related communications. > > -mmiller > > On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<[email protected]> wrote: > >> What I have learnt, if you are on switched network, one can play MITM attack >> or dns spoofing, to get the GX cookies. >> >> That's all you need, GX cookies. One can use GX cookies to login into your >> gmail account. >> >> >> On 15/12/09 2:00 AM, Shawn McGovern wrote: >> >> Ok so my question was posted in a forum and someone gave me and answer but >> didnt explain it and then the forum post was when closed on me. So I will >> ask here for clarity and try not to kill me for this, I am trying to learn. >> >> So if someone uses a corporate network to check a Gmail (using SSL). If >> they check to make sure that they have a secure connection -- once connected >> -- and then they check the certificate to see if the cert hierarchy has been >> tampered with. Everything looks fine. Are any admin or whomever able to >> see you emails? Forget about software on the computer you are using, only >> through the network monitoring. >> >> I was told in the forum that they could use a monitoring program like >> wireshark to view them. In the wireshark forum I read that you would need >> the private key to decrypt the messages and in the forum they said that a >> sys admin can get the private key? Is that information correct? and if so >> how would they be able to get the private key? >> >> >> Thanks in advance >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
