Let's assume this. Is it possible? Yes. However, it'd be extremely difficult and extremely unlikely. Theoretically, yes, they can see what you are doing. But I'd bet not.
J On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz <[email protected]> wrote: > You are right, many admins don't have that much time. However, I learnt, > any user on network can actually find out about your cookies, that can > be scary situation. > > I would not trust any network, except the one I control. > > > > On 16/12/09 12:23 AM, Michael Miller wrote: > > I would have to agree. If I was a "EVIL BOFH" I would use > > slidejacking to get into the users session. One question I'm asking > > my self right now is, How much time do the admins have to do this? > > Unless it's sanctioned by management. They would be violating any > > number of state& federal laws, and possibly company policy. If you > > fear you are being investigated at work. Don't use your work computer > > for non-business related communications. > > > > -mmiller > > > > On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<[email protected]> wrote: > > > >> What I have learnt, if you are on switched network, one can play MITM > attack > >> or dns spoofing, to get the GX cookies. > >> > >> That's all you need, GX cookies. One can use GX cookies to login into > your > >> gmail account. > >> > >> > >> On 15/12/09 2:00 AM, Shawn McGovern wrote: > >> > >> Ok so my question was posted in a forum and someone gave me and answer > but > >> didnt explain it and then the forum post was when closed on me. So I > will > >> ask here for clarity and try not to kill me for this, I am trying to > learn. > >> > >> So if someone uses a corporate network to check a Gmail (using SSL). If > >> they check to make sure that they have a secure connection -- once > connected > >> -- and then they check the certificate to see if the cert hierarchy has > been > >> tampered with. Everything looks fine. Are any admin or whomever able > to > >> see you emails? Forget about software on the computer you are using, > only > >> through the network monitoring. > >> > >> I was told in the forum that they could use a monitoring program like > >> wireshark to view them. In the wireshark forum I read that you would > need > >> the private key to decrypt the messages and in the forum they said that > a > >> sys admin can get the private key? Is that information correct? and if > so > >> how would they be able to get the private key? > >> > >> > >> Thanks in advance > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Joel Esler | 302-223-5974 | gtalk: [email protected]
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
