PaulDotCom mailing list archives
Can a sys admin see a gmail account
From: d.auclair at utoronto.ca (David Auclair)
Date: Tue, 15 Dec 2009 08:39:03 -0500
And there's also Echo Mirage [http://www.bindshell.net/tools/echomirage], which can hook an executable that's using SSL connections, and dump the plaintext. Basically, if they own the box, they can do whatever they want... I don't think too many admins would do this though (unless you pissed them off). -Dave From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Merkel Sent: Monday, December 14, 2009 4:52 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Can a sys admin see a gmail account If you're using a corporate asset, a sysadmin could install software to record all of your screen actions, keystrokes, copy everything off your HDD without you knowing, monitor all your network traffic, etc. Worrying about SSL in that context would be a bit silly. My recommendation, if you're really concerned about it, would to bring your own netbook + EVDO card to work if you need any semblance of privacy. - Chris On Mon, Dec 14, 2009 at 2:30 PM, Shawn McGovern <26mcgovern at gmail.com<mailto:26mcgovern at gmail.com>> wrote: Ok so my question was posted in a forum and someone gave me and answer but didnt explain it and then the forum post was when closed on me. So I will ask here for clarity and try not to kill me for this, I am trying to learn. So if someone uses a corporate network to check a Gmail (using SSL). If they check to make sure that they have a secure connection -- once connected -- and then they check the certificate to see if the cert hierarchy has been tampered with. Everything looks fine. Are any admin or whomever able to see you emails? Forget about software on the computer you are using, only through the network monitoring. I was told in the forum that they could use a monitoring program like wireshark to view them. In the wireshark forum I read that you would need the private key to decrypt the messages and in the forum they said that a sys admin can get the private key? Is that information correct? and if so how would they be able to get the private key? Thanks in advance _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com<mailto:Pauldotcom at mail.pauldotcom.com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com -- - Chris Merkel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091215/b3c4ec22/attachment.htm
Current thread:
- Can a sys admin see a gmail account Shawn McGovern (Dec 14)
- Can a sys admin see a gmail account Bradley McMahon (Dec 14)
- Can a sys admin see a gmail account Chris Merkel (Dec 14)
- Can a sys admin see a gmail account Kennith Asher (Dec 14)
- Can a sys admin see a gmail account David Auclair (Dec 15)
- Can a sys admin see a gmail account Abdul Qabiz (Dec 15)
- Can a sys admin see a gmail account Michael Miller (Dec 15)
- Can a sys admin see a gmail account Abdul Qabiz (Dec 15)
- Can a sys admin see a gmail account bhoff at itworldclass.com (Dec 15)
- Can a sys admin see a gmail account Joel Esler (Dec 15)
- Can a sys admin see a gmail account Michael Douglas (Dec 16)
- Can a sys admin see a gmail account Abdul Qabiz (Dec 16)
- Can a sys admin see a gmail account d4ncingd4n at gmail.com (Dec 16)
- Can a sys admin see a gmail account Michael Miller (Dec 15)
- Can a sys admin see a gmail account Butturini, Russell (Dec 16)
- <Possible follow-ups>
- Can a sys admin see a gmail account David A. Gershman (Dec 14)