How secure is gmail at work place?

Discussion in 'privacy problems' started by jaggy101, Jun 5, 2011.

Thread Status:
Not open for further replies.
  1. jaggy101

    jaggy101 Registered Member

    Joined:
    Jun 5, 2011
    Posts:
    2
    Hello

    How secure is using gmail with https://... at my work place?
    Would a network admin be able to capture my login details and read my emails?
    My workplace doesn't have a clear policy about using a personal email account, though anecdotally I've some people believing their accounts have been compromised.

    Thanks for any advice
     
    Last edited: Jun 5, 2011
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    As secure as an ssl can be and usually is.
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Better Safe than Sorry...;)
    You Already know What you Need to...;)
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    They might have installed key loggers on employee's computer to monitor their computer usage. Therefore, even if you use https, you are vulnerable to identity theft.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I highly disagree to employers who restrict the use of work computer for SOME personal matters, but this is the rule in today's society. So my advice is not to login to any personal internet service from work, because you have no guarantee that it won't be captured by a keylogger that might be installed on that computer.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You could use a Linux Live CD, or anti-keylogging software, but that may not be allowed or possible. Even then, you won't be safe from hardware keyloggers.

    The only real way to be certain is to bring your own machine, and always use TLS/SSL encryption. Again, that may not be permitted.
     
  7. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    When you use a computer at work, it is absolutely possible for your employer to see your https connection.

    Check some of these enterprise tools:
    • McAfee Web Filter that can do "SSL inspection, and certificate validation directly on the Web Gateway appliance" (click on the features and benefits tab)
    • Blue Coat has a similar technology called SSL Proxy
    • Barracuda also has SSL filtering
    • And most other web filtering companies will have this capability

    What they do is put a trusted root certificate in your browser that corresponds to the gateway / web filter. The gateway / web filter creates certificates for the sites you visit on the fly. It then decrypts your traffic, filters it, re-encrypts it and sends it off to the website. Essentially it is a legal man in the middle attack.

    Some of the key logger claims are a little alarmist to put it politely. It does depend on the laws in your country and while employers can observe you and intercept your communication while using their computers and network, keylogging and stealing your password for identity theft is highly illegal. If people are at work genuine believe that your employer is stealing passwords, they should inform the police / relevant authorities.
     
  8. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    apart from key-logging or other host installed stuff, they could have a proxy and be proxying the SSL. You have to check your certificate to make sure your have gmails, and not the company's proxy cert.....

    nevermind, huangker above beat me to it....
     
  9. jaggy101

    jaggy101 Registered Member

    Joined:
    Jun 5, 2011
    Posts:
    2
    Thanks for all the feedback.

    It seems the safest thing to do is not to access my own personal email using my workplace network.

    Though out of interest, are SSL proxies installed on the network; or would need to be installed on each individual PC and to bypass SSL proxy, would using portable firefox be a solution?
     
    Last edited: Jun 7, 2011
  10. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    ;) ;)
     
Loading...
Thread Status:
Not open for further replies.