[Owasp-singapore] Company network administrator hack into employee Yahoo email mailbox

Donald Ong donald.ong at gmail.com
Tue Sep 1 01:17:16 EDT 2009


Hi Fong Kai,

Yes, you are right. The network admin joined the company one week after
the employee left the company. It would be quite impossible to hijack the
user session since they had never even met. My friend told me the network
admin was tasked to carry out an investigation on the ex-employee for any
unauthorized email sent to his personal email.

Could it be possible that the network admin had the employee's Windows domain
password, and then found that the domain password worked for his Yahoo email
account? I believe most people would use the same password for most
of their email accounts.

---
Hi all,

Yup, I also agree the possibilities are endless. It is scary for the company to
be able to hack into the employee's personal email because he/she has accessed
it before on the company network. Does the company network log such
sensitive information in the network traffic? Can any network admin
comment on this? Is it even possible to find the user's email and password
from the network log even if it is SSL encrypted?

Recently, I found a YouTube clip on hacking into someone's Yahoo email
account using the profile view method via Yahoo Messenger. I wonder if this
clip is something real or a fake. Has anyone come across this clip before? Is
it real?

It seems to be becoming very real that accessing personal email via the
company network is dangerous and insecure even if the site is SSL
encrypted. One would never know if someone is watching his/her network access
without his/her knowledge.


Regards,
Donald


On Tue, Sep 1, 2009 at 11:49 AM, <Winston.Leong at sg.ey.com> wrote:

> "The possibilities are endless." I can't agree more.
>
> Just to add on,
> In this situation, if I were put into the position to get the account ASAP, I
> would use social engineering to achieve it. One simple way is to "convince"
> the (robot) administrator that you need to recover your password.
>
> I am not sure if I should post this, but I guess it probably no longer
> works anyway. One of the ways is to "craft" the email to the robot admin so
> that it nicely gives you the (reset) password of the target account. It
> (used) to work on many mail servers. Well, another common use of this
> tactic also created a lot of "cases" for my friends in the SPF due to
> hijacking of accounts in popular MMORPGs.
>
>
> Regards, Winston Leong
>
> Winston Leong | Technology and Security Risk Services
> Ernst & Young Risk Advisory Services Pte. Ltd
> One Raffles Quay, North Tower, Level 18, Singapore 048583
> Office: +65 6309 6766 | Fax: +65 6532 7662
> Mobile: +65 9028 3600
> Website: www.ey.com
>
> Thank you for considering the environmental impact of printing emails.
>
>
>
>
>
> The information contained in this communication is intended solely for the
> use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify
> us immediately by responding to this email and then delete it from your
> system. We are neither liable for the proper and complete transmission of
> the information contained in this communication nor for any delay in its
> receipt.
>
> Ernst & Young LLP (UEN T08LL0859H) is an accounting limited
> liability partnership registered in Singapore under the Limited Liability
> Partnerships Act (Chapter 163A).
>
> Ernst & Young Solutions LLP (UEN T08LL0784H) is a limited
> liability partnership registered in Singapore under the Limited Liability
> Partnerships Act (Chapter 163A).
>
> Ernst & Young Advisory Pte. Ltd. is a company incorporated in Singapore
> with UEN 198905395E.
>
> Ernst & Young Corporate Finance Pte Ltd is a company incorporated in
> Singapore with UEN 199702967E.
>
> Ernst & Young Customs & International Trade Services Private Limited is a
> company incorporated in Singapore with UEN 200206660G.
>
>
>
> From: FunKy <chongfk98 at yahoo.com>
> Sent by: owasp-singapore-bounces at lists.owasp.org
> To: donald.ong at gmail.com
> Cc: Owasp-singapore at lists.owasp.org
> Date: 01/09/2009 08:49 AM
> Subject: Re: [Owasp-singapore] Company network administrator hack into
> employee Yahoo email mailbox
>
>  Hi,
>
>  First time replying here. Just my 2 cents, I think he specifically
>  mentioned that the Admin joined the company after the victim left the
>  company.
>
>  If that is the case, then the Admin wouldn't have been able to hijack any
>  session. Please correct me if I am wrong.
>
>  If there is no physical means to obtain the information (post-it notes for
>  example =) ), then could it be possible that the company keeps a history
>  of all information passing the gateway? I know my company keeps track of
>  the websites that the employees visit. However, I do not know if they
>  keep a log of additional information passed.
>
>  Also, considering that the victim 'left' the company, usually the Admin
>  would be required to 'cleanup' the workstation that the victim was using.
>  The Admin could have tapped into the PC itself to retrieve the
>  'remembered' passwords. The possibility is endless.
>
>  I am not a professional when it comes to security, just my 2 cents, and
>  someone please correct me if I am thinking in the wrong direction.
>
>  Thank you.
>
>  Regards,
>  Fong Kai
>
>
>
>  --- On Mon, 8/31/09, Winston.Leong at sg.ey.com <Winston.Leong at sg.ey.com>
>  wrote:
>
>
>     From: Winston.Leong at sg.ey.com <Winston.Leong at sg.ey.com>
>     Subject: Re: [Owasp-singapore] Company network administrator hack into
>  employee Yahoo email mailbox
>     To: "Donald Ong" <donald.ong at gmail.com>
>     Cc: "SIG - OWASP Singapore @MailingList"
>  <owasp-singapore at lists.owasp.org>,
> owasp-singapore-bounces at lists.owasp.org
>     Date: Monday, August 31, 2009, 3:20 AM
>
>     The following could have happened:
>
>     1. The user did not log in using SSL, which leaves the username and
>     password unencrypted.
>     2. The administrator simply hijacked the session to obtain a valid
>     login.
>     3. The user simply posted his password on some post-it that could be
>     seen.
>
>     Regards, Winston Leong
>
>
>
>
>     From: Donald Ong <donald.ong at gmail.com>
>     Sent by: owasp-singapore-bounces at lists.owasp.org
>     To: "SIG - OWASP Singapore @MailingList" <owasp-singapore at lists.owasp.org>
>     Date: 28/08/2009 07:56 PM
>     Subject: [Owasp-singapore] Company network administrator hack into
>     employee Yahoo email mailbox
>
>     Hi everyone,
>
>
>     My friend working in another company saw his network administrator
>     hack into an employee's Yahoo email mailbox successfully. He mentioned it
>     was quick, and in minutes the network admin knew the password of the email
>     account.
>
>
>
>
>
>     Regards,
>     Donald
>
>
>     ~~~~powered by Android~~~~
>
>     _______________________________________________
>     Owasp-singapore mailing list
>     Owasp-singapore at lists.owasp.org
>     https://lists.owasp.org/mailman/listinfo/owasp-singapore
>
>
>
>
>
>
>
>