From an enterprise perspective, there are plenty of products on the
market that allow for SSL inspection (Microsoft Forefront TMG,
Cymphonix/ContentWatch, Citrix Netscalers, etc.) and can capture traffic
or monitor activities. Usually they facilitate this by using a
self-signed certificate that is published as trusted by group policy
going to their appliance/software, then make the request on behalf of
the client. This is (can be) done transparently to the client, so
unless the certificate is carefully inspected, it may not be noticed.
________________________________
From: [email protected]
[mailto:[email protected]] On Behalf Of Joel Esler
Sent: Wednesday, December 16, 2009 12:49 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Can a sys admin see a gmail account
Let's assume this. Is it possible? Yes. However, it'd be extremely
difficult and extremely unlikely. Theoretically, yes, they can see what
you are doing. But I'd bet not.
J
On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz <[email protected]> wrote:
You are right, many admins don't have that much time. However, I learnt,
any user on network can actually find out about your cookies, that can
be scary situation.
I would not trust any network, except the one I control.
On 16/12/09 12:23 AM, Michael Miller wrote:
> I would have to agree. If I was a "EVIL BOFH" I would use
> slidejacking to get into the users session. One question I'm asking
> my self right now is, How much time do the admins have to do this?
> Unless it's sanctioned by management. They would be violating any
> number of state& federal laws, and possibly company policy. If you
> fear you are being investigated at work. Don't use your work computer
> for non-business related communications.
>
> -mmiller
>
> On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<[email protected]> wrote:
>
>> What I have learnt, if you are on switched network, one can play MITM
attack
>> or dns spoofing, to get the GX cookies.
>>
>> That's all you need, GX cookies. One can use GX cookies to login into
your
>> gmail account.
>>
>>
>> On 15/12/09 2:00 AM, Shawn McGovern wrote:
>>
>> Ok so my question was posted in a forum and someone gave me and
answer but
>> didnt explain it and then the forum post was when closed on me. So I
will
>> ask here for clarity and try not to kill me for this, I am trying to
learn.
>>
>> So if someone uses a corporate network to check a Gmail (using SSL).
If
>> they check to make sure that they have a secure connection -- once
connected
>> -- and then they check the certificate to see if the cert hierarchy
has been
>> tampered with. Everything looks fine. Are any admin or whomever
able to
>> see you emails? Forget about software on the computer you are using,
only
>> through the network monitoring.
>>
>> I was told in the forum that they could use a monitoring program like
>> wireshark to view them. In the wireshark forum I read that you would
need
>> the private key to decrypt the messages and in the forum they said
that a
>> sys admin can get the private key? Is that information correct? and
if so
>> how would they be able to get the private key?
>>
>>
>> Thanks in advance
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Joel Esler | 302-223-5974 | gtalk: [email protected]
******************************************************************************
This email contains confidential and proprietary information and is not to be
used or disclosed to anyone other than the named recipient of this email,
and is to be used only for the intended purpose of this communication.
******************************************************************************
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
