Security Basics mailing list archives
Re: Web mail intercepted! How?
From: Rodrigo Blanco <rodrigo.blanco.r () gmail com>
Date: Fri, 5 Aug 2005 02:54:34 -0600
It is not so hard to obtain certain mail service's passwords, depending on the provider. Even the password recovery questions can sometimes be very obvious... so I would point at social engineering first. If you are sure this is not the problem, I agree that hub sniffing or ARP spoofing (if you have a switched network) could be the problem. With ettercap for instance, it is fairly easy for someone to play an unnoticed man in the middle attack to eavesdrop the HTTP traffic of another computer. From there on, obtaining the password is really not hard. I think ettercap even has a mode in which it can detect other computers running it, so this could help you detect such a problem (if it is ettercp that is being used). Regards, Rodrigo. On 4 Aug 2005 03:56:31 -0000, pagoda33 () sbcglobal net <pagoda33 () sbcglobal net> wrote:
Someone at our company sent email using a free Web mail service from a workstation inside our network. The message was somehow intercepted by a third party, was forwarded to an unknown number of people, and found its way back to the sender... Needless to say, the sender is quite upset ... We don't know whether the Web mail account was compromised from the outside, or if someone is packet-sniffing or keylogging from inside the network. We're going to start looking tomorrow... any ideas on how to proceed?
Current thread:
- Web mail intercepted! How? pagoda33 (Aug 04)
- Re: Web mail intercepted! How? Mark Owen (Aug 04)
- Re: Web mail intercepted! How? McLain Causey (Aug 05)
- Re: Web mail intercepted! How? Andrew Haninger (Aug 08)
- Re: Web mail intercepted! How? McLain Causey (Aug 05)
- RE: Web mail intercepted! How? Murad Talukdar (Aug 08)
- Re: Web mail intercepted! How? victor (Aug 08)
- Re: Web mail intercepted! How? Rodrigo Blanco (Aug 08)
- Re: Web mail intercepted! How? Micheal Espinola Jr (Aug 08)
- Re: Web mail intercepted! How? Mark Owen (Aug 04)