Security Basics mailing list archives
Re: Sniffing emails - how?
From: miguel.dilaj () pharma novartis com
Date: Tue, 16 Nov 2004 08:15:32 +0000
Hi Derek,
To the local network, or to any of the machines involved (like the email
server, even if it's on the Internet), or with the possibility to install
a sniffing agent (typically a trojan horse) in any of the machines
involved.
Plain sniffing on the Internet is not possible, because you can't sniff
behind a router (routers are network boundaries).
A looooong time ago I read some rumour about the possibility to sniff
immediately on the other side of a router, but I don't remember if it was
done exploiting a router vulnerability or similar.
Cheers,
Miguel Dilaj (Nekromancer)
www.oissg.org
Derek Fountain <dflists () iinet net au>
13/11/2004 02:50
To: <security-basics () lists securityfocus com>
cc: (bcc: Miguel Dilaj/PH/Novartis)
Subject: Sniffing emails - how?
Reading the archives of this and other lists, I occasionally come across
quotes like this (from the WebApp list in this case):
"2/ That sending a user's password in clear text over email systems is a
secure method; inappropriate for most sites. For example, an attacker could
provoke the password recovery procedure for his colleague and sniff the email
containing the password with relative ease."
Am I correct in thinking that this is only a real problem when an attacker has
access to the same network as the email recipient? Or is this kind of
sniffing possible across the internet in general?
