Perhaps I'm not aware of how google or modern web browsers handle things... but I thought an admin would be able to mount your C$ share (yes I know I can't assume everyone's running windows... but come on!) Once they have access to your HD, it's just a matter of reading the local cache.
Here's an older BlackHat Briefings talk about this from 2003 www.blackhat.com/presentations/bh-usa-03/bh-us-03-akin.pdf (yes it is a pdf) The techniques in the above link are far from perfect... sent mail isn't cached for instance... I need to try this out again. But I had... I mean Bob had -- Yeah Bob -- had lots of fun with this a while back. - Mick On Wed, Dec 16, 2009 at 1:49 AM, Joel Esler <[email protected]> wrote: > Let's assume this. Is it possible? Yes. However, it'd be extremely > difficult and extremely unlikely. Theoretically, yes, they can see what you > are doing. But I'd bet not. > J > > On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz <[email protected]> wrote: >> >> You are right, many admins don't have that much time. However, I learnt, >> any user on network can actually find out about your cookies, that can >> be scary situation. >> >> I would not trust any network, except the one I control. >> >> >> >> On 16/12/09 12:23 AM, Michael Miller wrote: >> > I would have to agree. If I was a "EVIL BOFH" I would use >> > slidejacking to get into the users session. One question I'm asking >> > my self right now is, How much time do the admins have to do this? >> > Unless it's sanctioned by management. They would be violating any >> > number of state& federal laws, and possibly company policy. If you >> > fear you are being investigated at work. Don't use your work computer >> > for non-business related communications. >> > >> > -mmiller >> > >> > On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<[email protected]> wrote: >> > >> >> What I have learnt, if you are on switched network, one can play MITM >> >> attack >> >> or dns spoofing, to get the GX cookies. >> >> >> >> That's all you need, GX cookies. One can use GX cookies to login into >> >> your >> >> gmail account. >> >> >> >> >> >> On 15/12/09 2:00 AM, Shawn McGovern wrote: >> >> >> >> Ok so my question was posted in a forum and someone gave me and answer >> >> but >> >> didnt explain it and then the forum post was when closed on me. So I >> >> will >> >> ask here for clarity and try not to kill me for this, I am trying to >> >> learn. >> >> >> >> So if someone uses a corporate network to check a Gmail (using SSL). >> >> If >> >> they check to make sure that they have a secure connection -- once >> >> connected >> >> -- and then they check the certificate to see if the cert hierarchy has >> >> been >> >> tampered with. Everything looks fine. Are any admin or whomever able >> >> to >> >> see you emails? Forget about software on the computer you are using, >> >> only >> >> through the network monitoring. >> >> >> >> I was told in the forum that they could use a monitoring program like >> >> wireshark to view them. In the wireshark forum I read that you would >> >> need >> >> the private key to decrypt the messages and in the forum they said that >> >> a >> >> sys admin can get the private key? Is that information correct? and >> >> if so >> >> how would they be able to get the private key? >> >> >> >> >> >> Thanks in advance >> >> >> >> _______________________________________________ >> >> Pauldotcom mailing list >> >> [email protected] >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >> Main Web Site: http://pauldotcom.com >> >> >> >> _______________________________________________ >> >> Pauldotcom mailing list >> >> [email protected] >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >> Main Web Site: http://pauldotcom.com >> >> >> >> >> > _______________________________________________ >> > Pauldotcom mailing list >> > [email protected] >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: http://pauldotcom.com >> > >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > > > -- > Joel Esler | 302-223-5974 | gtalk: [email protected] > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
