If i want to sniff your gmail password infact with username, the tools/technics available are beyond https control... keylogging and phishing should be disqualified for this type of attack and the victim should concentrate on the network security rather than the machine coz after all its also a linux machine which has pre-security measures in place.

As i said earlier, this attack can be achieved even from a distance depending on how careless the network has been installed and the amount of information the hacker has acquired about it.

On the other hand, having the target to be only one account also raises questions.... meaning the victim is well known by the attacker.

Taking a step backward... i believe all of us know how a form passes its input to a server for authentication. we all know that as much as all the process is done on the server we still send packets of information generated from the user thru our browsers and this include the password and username so wat the sniffer does is to identify the string that is posted for the server thru the network.. and this is where the magic happens.. more information about this can be found with CEH or Ninja tutorials which i believe will give more light to the victim.

Regards,

Wilson.



On Sat, Dec 18, 2010 at 12:37 AM, Makobu <makobu.mwambiriro@gmail.com> wrote:
Being that logging in is all ssl, the most feasible way to steal the
passowrd is on the machine ... Is there anything 'strange' in the
account's .bashrc (or equivalent)? On second thought, its not that
hard to have a hidden process that just logs that particular user's
keystrokes ... so only loging to any of your accounts from a personal
device (phone, laptop), see if that helps.

On 12/17/10, Casper Odicoh <codicoh@gmail.com> wrote:
> IMMHO,
>
> It's a case of key-logging or bad security policy in the LAN which may
>  be defeated by possibly:
>
> - Use a totally different network to change passwords
> - Give up on the www concept
> - Delete all known menemies
>
> EoE
>
> On 12/17/10, john maina <jonmaina8715@gmail.com> wrote:
>> Webmail accounts hacked via WLAN
>> <http://www.h-online.com/security/news/item/Webmail-accounts-hacked-via-WLAN-733402.html>also
>> recommend you read about this and hope it helps
>> Firefox extension steals Facebook, Twitter, etc.
>> sessions<http://www.h-online.com/open/news/item/Firefox-extension-steals-Facebook-Twitter-etc-sessions-1124596.html>
>> and
>> Firesheep cookie-jacking tool triggers arms
>> race<http://www.h-online.com/security/news/item/Firesheep-cookie-jacking-tool-triggers-arms-race-1132915.html>
>>
>> On Fri, Dec 17, 2010 at 2:57 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
>>
>>> The issue may also be that her Yahoo account is compromised hence the
>>> hacker also sees the changes in the password. also ask her to use a
>>> unique
>>> password not used on any other service in the internet.
>>>
>>> If she is on an unsecured wireless network, she may be a victim of
>>> Firesheep (
>>> http://www.h-online.com/open/news/item/Firefox-extension-steals-Facebook-Twitter-etc-sessions-1124596.html)
>>> which can be detected with Blacksheep (
>>> http://www.h-online.com/security/news/item/Firesheep-cookie-jacking-tool-triggers-arms-race-1132915.html
>>> )
>>>
>>> _______________________________________________
>>> Skunkworks mailing list
>>> Skunkworks@lists.my.co.ke
>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>> ------------
>>> Skunkworks Rules
>>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>> ------------
>>> Other services @ http://my.co.ke
>>>
>>
>>
>>
>> --
>> *I don't mind the rat race but I could do with a little more cheese.
>> *
>> +254-727-427-836
>>
>
> --
> Sent from my mobile device
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
>

--
Sent from my mobile device
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke