The Magic Caf
Username:
Password:
[ Lost Password ]
  [ Forgot Username ]
The Magic Cafe Forum Index » » Not very magical, still... » » Webmail Security (0 Likes) Printer Friendly Version

Chessmann
View Profile
Inner circle
4169 Posts

Profile of Chessmann
A friend of mine asked me a question I had no idea about, but became curious myself about it.

He has a webmail account (like Yahoo, and others...). He works for a medium sized company and knows that the IT people can track what websites he is visiting (like the Café!), and doesn't think that will be a problem. However, he also uses his webmail account while at work, and wants to know if the tech people at his work have a way, should they want, to be able to see the content of what he is emailing through his webmail account (i.e., be able to read his webmail emails).

He does have a username and password that is necessary in order to get in use his webmail (as I think all webmail sites are).

Is this possible?
My ex-cat was named "Muffin". "Vomit" would be a better name for her. AKA "The Evil Ball of Fur".
balducci
View Profile
Loyal user
Canada
230 Posts

Profile of balducci
Quote:
On 2008-05-16 13:27, Chessmann wrote:
A friend of mine asked me a question I had no idea about, but became curious myself about it.

He has a webmail account (like Yahoo, and others...). He works for a medium sized company and knows that the IT people can track what websites he is visiting (like the Café!), and doesn't think that will be a problem. However, he also uses his webmail account while at work, and wants to know if the tech people at his work have a way, should they want, to be able to see the content of what he is emailing through his webmail account (i.e., be able to read his webmail emails).

He does have a username and password that is necessary in order to get in use his webmail (as I think all webmail sites are).

Is this possible?

I'd say so. I can think of a number of different ways in which they could obtain access.

At the very least, any competent tech person with system access should be able to obtain his webmail username and password without too much trouble.
Make America Great Again! - Trump in 2020 ... "We're a capitalistic society. I go into business, I don't make it, I go bankrupt. They're not going to bail me out. I've been on welfare and food stamps. Did anyone help me? No." - Craig T. Nelson, actor.
JoeJoe
View Profile
Inner circle
Myrtle Beach
1915 Posts

Profile of JoeJoe
It is a security risk to access something on any computer other than your own.

-JoeJoe
Amazing JoeJoe on YouTube[url=https://www.youtube.com/user/AmazingJoeJoe]
Chessmann
View Profile
Inner circle
4169 Posts

Profile of Chessmann
Wow! Interesting. What about webmail emails that have already been deleted? Could they be accessed or are they flown into oblivion?
My ex-cat was named "Muffin". "Vomit" would be a better name for her. AKA "The Evil Ball of Fur".
gaddy
View Profile
Inner circle
Agent of Chaos
3352 Posts

Profile of gaddy
They could actively "packet sniff" any broadcasts from his computer, if it's are not encrypted (most webmail isn't") they could read his personal email. If it's encrypted, it's "possible they could physically retrieve this encryption key from his computer's hard drive or mathematically crack his encryption if it's not a large (of the PGP RSA type) number key.
*due to the editorial policies here, words on this site attributed to me cannot necessarily be held to be my own.*
ScottRSullivan
View Profile
Special user
874 Posts

Profile of ScottRSullivan
I'll use Gmail as an example, since that is what I've used for being "out and about" from time to time.

Email, both webmail and standard POP3 mail, is like sending postcards. Anyone can read the contents, as gaddy said, using a packet sniffer.

However, if you are using SSL, they will be unable to read the emails. This is a standard for encryption between two computers online. This protocol creates a "tunnel" that is encrypted and anything seen from outside that tunnel is random bits.

You can tell if you are using SSL if the site's address is https instead of just http. Also, there will be a lock in a corner.

I check my email from my iPhone all the time over Wi-Fi on public access points without worry because I use SSL.

Now, if they have a keystroke logger installed on that computer, all that flies out the window. This is software installed by the company on each computer that records everything typed and stores it in a logged file (normally not on the computer, but hidden on the server). Even if you go back and delete things, they log has been created and archived.

However, this only records what is TYPED and often mouse movements. Normally it doesn't record an email that you receive. However, I've heard there are now screen capture logging that records everything shown on a monitor, like a security camera.

Which brings me back to why I normally only use my iPhone to check my email when not using my own laptop. As JoeJoe mentions, correctly, never assume another computer is secure.
Chessmann
View Profile
Inner circle
4169 Posts

Profile of Chessmann
What if all emailing parties are communicating via webmail? Does this change anything? Yahoo to Yahoo, for example.
My ex-cat was named "Muffin". "Vomit" would be a better name for her. AKA "The Evil Ball of Fur".
gaddy
View Profile
Inner circle
Agent of Chaos
3352 Posts

Profile of gaddy
Quote:
On 2008-05-16 18:21, ScottRSullivan wrote:
I'll use Gmail as an example, since that is what I've used for being "out and about" from time to time.

Email, both webmail and standard POP3 mail, is like sending postcards. Anyone can read the contents, as gaddy said, using a packet sniffer.

However, if you are using SSL, they will be unable to read the emails. This is a standard for encryption between two computers online. This protocol creates a "tunnel" that is encrypted and anything seen from outside that tunnel is random bits.

You can tell if you are using SSL if the site's address is https instead of just http. Also, there will be a lock in a corner.

I check my email from my iPhone all the time over Wi-Fi on public access points without worry because I use SSL.

Now, if they have a keystroke logger installed on that computer, all that flies out the window. This is software installed by the company on each computer that records everything typed and stores it in a logged file (normally not on the computer, but hidden on the server). Even if you go back and delete things, they log has been created and archived.

However, this only records what is TYPED and often mouse movements. Normally it doesn't record an email that you receive. However, I've heard there are now screen capture logging that records everything shown on a monitor, like a security camera.

Which brings me back to why I normally only use my iPhone to check my email when not using my own laptop. As JoeJoe mentions, correctly, never assume another computer is secure.


Scott,

thanks for bringing more clarity to this subject than I could.
*due to the editorial policies here, words on this site attributed to me cannot necessarily be held to be my own.*
ScottRSullivan
View Profile
Special user
874 Posts

Profile of ScottRSullivan
Thanks, but I'm not the best resource. I know enough to be dangerous. That's all.

You study crytography? You seem to be very knowledgeable.
The Magic Cafe Forum Index » » Not very magical, still... » » Webmail Security (0 Likes)
[ Top of Page ]
All content & postings Copyright © 2001-2022 Steve Brooks. All Rights Reserved.
This page was created in 0.02 seconds requiring 5 database queries.
The views and comments expressed on The Magic Café
are not necessarily those of The Magic Café, Steve Brooks, or Steve Brooks Magic.
> Privacy Statement <

ROTFL Billions and billions served! ROTFL