Can a sys admin see a gmail account

[bradmcmahon at gmail.com (Bradley McMahon)]

watch Moxie's talk
http://www.defcon.org/html/links/dc-archives/dc-17-archive.html#Marlinspike

I believe that is the best method. Though being a sysadmin myself I think
your safe from your sysadmin unless you pissed them off or they have a
reason to be monitoring you. preforming a wide spread MiTM attack on a
corporate network they are administrating is asking for trouble.
-Brad



On Mon, Dec 14, 2009 at 3:30 PM, Shawn McGovern <26mcgovern at gmail.com>wrote:

> Ok so my question was posted in a forum and someone gave me and answer but
> didnt explain it and then the forum post was when closed on me.  So I will
> ask here for clarity and try not to kill me for this, I am trying to learn.
>
> So if someone uses a corporate network to check a Gmail (using SSL).  If
> they check to make sure that they have a secure connection -- once connected
> -- and then they check the certificate to see if the cert hierarchy has been
> tampered with.  Everything looks fine.  Are any admin or whomever able to
> see you emails?  Forget about software on the computer you are using, only
> through the network monitoring.
>
> I was told in the forum that they could use a monitoring program like
> wireshark to view them.  In the wireshark forum I read that you would need
> the private key to decrypt the messages and in the forum they said that a
> sys admin can get the private key?  Is that information correct?  and if so
> how would they be able to get the private key?
>
>
> Thanks in advance
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091214/42e94016/attachment.htm