aniston asked:

TCP Sniffer - Can they monitor/break HTTPS

I'm a bit paranoid if people can monitor my passwords from my desktop.  I try to make sure no spyware or key loggers are installed (I wish there was a way to detect something like this more reliably) but now I'm wondering if someone connected to the same router / gateway could be sniffing all outgoing TCP requests.

I am logging into HTTPS websites.  Is it possible, even though SSL is active, for a foreign person not on my PC though possibly in the same workgroup to monitor my outgoing requests and view my passwords?  For example Gmail log in?
lamaslany

Is it possible?  Yes.
Is it probable?  No.

If the network devices haven't been secured then it is possible that a third-party could route all of your traffic through themselves.  As you pointed out however the traffic is encrypted.  As with all encryption it is possible to break it eventually but this is far beyond the means of most people (who would get bored after a year or two!)  More likely they'd get themselves a certificate and impersonate the site then proxy your traffic to the actual site (your credentials included) - some of the trusted certificate authorities built into your OS/browser are not too careful who they give certificates to.
Technically speaking anything IS possible but the probability of it happening if you are so cautious is low.  You cannot guarantee your computer info is safe...only mitigate the risk of it being compromised. The only 'safe' computer is the one left in its packaging.

Is this a home network setup or are we talking a business or another private/public organization's network?

If it is a wireless home network, yes, they technically can sniff your information out with the right wireless monitoring equipment.  It would take great skill to turn that sniffed data into viable information such as passwords from your computer.  If you have enabled encryption like WEP, that can make it more difficult.  WEP is crackable. Someone can crack it if given enough time.

As for keyloggers...a very real threat. If you have other computers on your network they can access your computer if it is shared out. They will need admin privileges to install it still.  Spyware detection programs are out there and are pretty effective. As long as you know who has physical access to your computer it seems like you are doing enough to mitigate risk.  The chances of a 'hacker' devoting so much time and effort to someone's home computer is relatively low unless you have a real good reason for someone to hate you that bad :P

If you are still worried by keyloggers, frequently look at the add/remove programs.  Look for newly installed software. Run virus scans and spyware scans.  Unless the keyloggers are staying in

If it is an organization/business network, you are at the mercy of the IT staff. It is their responsibility to keep the systems safe.  Just make sure you exercise the same caution you have already with accessing websites. If you really don't want people to know the things you are doing on websites then I'd merely suggest not doing it on the work computers to stay safe.
You are also at risk if the implementations are poor or based on weak algorithms.  

I found the example I was thinking of too:  http://www.insidetech.com/news/articles/3669-hackers-break-ssl-certificates-impersonate-ca
ASKER CERTIFIED SOLUTION
lamaslany

aniston (ASKER)

Yes I am within a home network.  Actually I am sharing my internet connection with a friend but we've been having a bit of an outing and he is the type to retaliate. In fact I know he was able to log into my GMail account (I checked gmail's logs and saw his ip address).  Originally he did have my local PC's login name and password, so he does have admin access to my PC.

I'm just wondering how the heck did he get my password into Gmail.  I was thinking key logger but a quick scan shows nothing unless he removed it after he got the password.  And it doesn't sound likely that he can scan the outgoing TCP packets while I am connected to the HTTPS gmail login page.

Is he able to install the keylogger remotely once he has my login/password to my desktop?  We are using Windows Vista.

Is he able to install the keylogger remotely once he has my login/password to my desktop?
Yes.
If in doubt I would back up your files and clean install your PC (assuming you are comfortable doing that). If your PC has been compromised you cannot trust any software to correctly report if there is a problem - take a quick look at the dangers of rootkits.
Piggybacking off lamaslany's last comment.

I've even read on some keylogging done by phone!  Some security agency developed a system that was able to determine keystrokes by the sound of the user typing on the keyboard while they were on the telephone.  They made a database of recorded keystroke noises from various models of keyboards.

If that isn't enough to get you paranoid, I don't know what is!
aniston (ASKER)

Once my PC has been reinstalled with a fresh copy of Windows, what is the best way to keep my system from getting key loggers?  Is there any way I can easily detect them?  Of course I won't give out my password but I would like a tool to help check things out.  Again this could be a home made keylogger rather than a popular one off the net therefore not detectable.  I don't have faith in those heuristic scans.

I was surfing and came across System Mechanic.  It appears to have a feature that can snapshot and compare changes to your registry.  I figure I could use that to detect anomalies?  Granted the person in question knows much about DLL injection (piggy backing with safe .EXE files).
aniston (ASKER)

I should also mention we both use Firefox.  I'm wondering if he was able to obtain any relevant security key information from my firefox browser in order to make decoding a sniffed packet easier on his end.
SOLUTION

1.  Ensure that your PC is fully patched.  This means the latest patches and service packs for your OS, applications and even drivers.
2.  Ensure you have a firewall installed.  If you are careful about what you run and don't blindly allow everything that wants to be given access even the Windows Firewall will do a decent job of protecting you.
3.  Ensure you are running good quality antivirus/antimalware software.
4.  Do not run as an administrator.  Have a separate account for your day-to-day use.  If you need to install additional hardware/software or run updates simply log on as the admin, perform the tasks and log off again.
5.  Be cautious about your network security.  If your router is compromised it is a potential gateway into your system (see site impersonation in a previous post).  If an attacker can impersonate a site you trust, for example one you might download patches and updates from, you may well run infected code.


Personally I'd shy away from System Mechanic.
If you open command prompt and type 'netstat' it will report all active connections. For the sake of drowning out the static, close all webpages, instant messengers, and any known programs that access the internet first.
If your machine has been properly compromised you cannot trust it to correctly report its status.  It is trivial, relatively speaking, to omit an attacker's backdoor from a netstat result.
I should also mention we both use Firefox. I'm wondering if he was able to obtain any relevant security key information from my firefox browser in order to make decoding a sniffed packet easier on his end.
Unlikely - but I don't know that much about the innards of Firefox I am afraid.  And as I said there are easier ways to compromise your PC. Decoding encrypted traffic without the key is far more difficult than breaking in.
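To make the netstat triage suggested above concrete, here is an added example (not code from this thread or from Experts Exchange) that reads the column layout of `netstat -ano` and `tasklist /fo csv /nh` on Windows and flags sockets worth a closer look: a system-binary name running in an interactive session, an unexpected listening port, or an established connection to another host on the home LAN. The sample lines, process names, PIDs and the allow-list of expected ports are constructed for illustration.

```python
import csv, io, ipaddress, re

# Constructed sample output (not real captures) in the column layout of
# `netstat -ano` and `tasklist /fo csv /nh`. Caveat from the thread: on a
# host with a rootkit these listings can themselves be falsified.
NETSTAT_SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49712     74.125.0.10:443        ESTABLISHED     2044
  TCP    192.168.1.20:49720     192.168.1.30:8080      ESTABLISHED     3120
  TCP    0.0.0.0:5500           0.0.0.0:0              LISTENING       3120
  UDP    0.0.0.0:500            *:*                                    1240
"""
TASKLIST_SAMPLE = """\
"svchost.exe","812","Services","0","7,204 K"
"firefox.exe","2044","Console","1","151,000 K"
"svchost.exe","3120","Console","1","3,100 K"
"lsass.exe","1240","Services","0","5,500 K"
"""
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
EXPECTED_LISTENERS = {135, 445, 500, 4500}  # assumed baseline: RPC, SMB, IPsec

def parse_tasklist(text):
    """Map PID -> (image name, session name) from tasklist CSV rows."""
    return {int(pid): (name, sess) for name, pid, sess, *_ in csv.reader(io.StringIO(text))}

def split_addr(addr):
    host, _, port = addr.rpartition(":")  # also handles [::]:135 and *:*
    return host.strip("[]"), int(port) if port.isdigit() else None

def triage(netstat_text, tasklist_text):
    """Return {pid: [reasons]} for sockets that deserve a closer look."""
    procs = parse_tasklist(tasklist_text)
    findings = {}
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        name, session = procs.get(int(pid), ("<unknown>", "?"))
        lport = split_addr(local)[1]
        rhost, rport = split_addr(remote)
        flag = findings.setdefault(int(pid), set()).add
        # A system binary name outside the Services session is a name-spoofing sign.
        if name in SYSTEM_BINARIES and session != "Services":
            flag(f"{name} running in interactive session {session}")
        if state == "LISTENING" and lport not in EXPECTED_LISTENERS:
            flag(f"{name} listening on unexpected {proto} port {lport}")
        if state == "ESTABLISHED" and ipaddress.ip_address(rhost).is_private:
            flag(f"{name} connected to LAN host {rhost}:{rport}")
    return {pid: sorted(r) for pid, r in findings.items() if r}
```

Run it against live output by piping the two commands into files and passing their contents to `triage`; the baseline port set should be adjusted to what the clean reinstall actually listens on.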
aniston (ASKER)

I think the program "Activity Monitor" by SoftActivity was installed.  Everything was perfect to be a very quiet install.

Thank you guys for the great info!!