Security Basics mailing list archives

Re: Web mail intercepted! How?


From: Rodrigo Blanco <rodrigo.blanco.r () gmail com>
Date: Fri, 5 Aug 2005 02:54:34 -0600

It is not so hard to obtain certain mail services' passwords,
depending on the provider. Even the password recovery questions can
sometimes be very obvious... so I would point at social engineering
first.

If you are sure this is not the problem, I agree that hub sniffing or
ARP spoofing (if you have a switched network) could be the problem.
With ettercap, for instance, it is fairly easy for someone to play an
unnoticed man-in-the-middle attack to eavesdrop on the HTTP traffic of
another computer. From there on, obtaining the password is really not
hard. I think ettercap even has a mode in which it can detect other
computers running it, so this could help you detect such a problem (if
it is ettercap that is being used).

Regards,
Rodrigo.

On 4 Aug 2005 03:56:31 -0000, pagoda33 () sbcglobal net
<pagoda33 () sbcglobal net> wrote:
Someone at our company sent email using a free Web mail service from a workstation inside our network. The message was somehow intercepted by a third party, was forwarded to an unknown number of people, and found its way back to the sender...

Needless to say, the sender is quite upset ...

We don't know whether the Web mail account was compromised from the outside, or if someone is packet-sniffing or keylogging from inside the network.

We're going to start looking tomorrow... any ideas on how to proceed?


