Security Basics mailing list archives
Re: Web mail intercepted! How?
From: Mark Owen <mr.markowen () gmail com>
Date: Thu, 4 Aug 2005 11:27:13 -0400
On 4 Aug 2005 03:56:31 -0000, pagoda33 () sbcglobal net <pagoda33 () sbcglobal net> wrote:
We're going to start looking tomorrow... any ideas on how to proceed?
First, what kind of free webmail? A major player or a little unknown site offering a gb of free storage. Look at his/her sent e-mail to check that s/he didn't accidently send it or bcc it to the wrong person. If the site is a little start-up place their is always the chance that they were compromised. Second, does your employee use any kind of a proxy? Even if it is one of those anonymizer applications installed that automatically forwards everything to a proxy to help keep you anonymous. Anything sent over a proxy should be considered in public domain. For that matter, anything sent out on the Internet unencrypted should already be considered public. Last, double check to make sure no keyloggers are installed. Software or hardware. Is your employee connected to a hub or a switch? If hub, anyone else sharing that hub could have easily sniffed the information sent. If switch, check the logs to see if their have been numerous or duplicate ARP requests. Check every computer that shares the hub/switch for sniffing or other network gathering tools. Does your employee share his/her computer with anyone else? What about IT? Anyone in IT besides you? Are they trustworthy? Who would have a motive to share the e-mail? Are we 100% sure that it's not an ID10T error caused by a pebkac? Just a few rants/thoughts. -- Mark Owen
Current thread:
- Web mail intercepted! How? pagoda33 (Aug 04)
- Re: Web mail intercepted! How? Mark Owen (Aug 04)
- Re: Web mail intercepted! How? McLain Causey (Aug 05)
- Re: Web mail intercepted! How? Andrew Haninger (Aug 08)
- Re: Web mail intercepted! How? McLain Causey (Aug 05)
- RE: Web mail intercepted! How? Murad Talukdar (Aug 08)
- Re: Web mail intercepted! How? victor (Aug 08)
- Re: Web mail intercepted! How? Rodrigo Blanco (Aug 08)
- Re: Web mail intercepted! How? Micheal Espinola Jr (Aug 08)
- Re: Web mail intercepted! How? Mark Owen (Aug 04)