Gmail not so secure

How do you log in to Gmail: plain http or https? If you use plain http, I'm afraid you're at risk, because your session could be hijacked by hackers.
Recently, Robert Graham, the CEO of Errata Security, demonstrated how he hijacked a victim's (a co-worker's) Gmail session using a simple tool (yet to be released) called Hamster. To learn the nitty-gritty of how he does it, check this post. This attack is not peculiar to Gmail: Yahoo, Hotmail and any other cookie-based web application suffer from it.
Don't panic, as I can tell you're scared about your email sessions. With Gmail there is a way to protect yourself against this attack: the next time you plan to log in, use https://mail.google.com instead of http://mail.google.com. This makes sending, receiving and authenticating with Gmail much more secure by encrypting everything, from your username and password to the emails you send and receive. This makes it very hard for the hacker to hijack your sessions. This is a feature Gmail provides, but most of the time we ignore it, forget about it, or don't even know about it. So the next time you decide to log in to Gmail, remember to use https.
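For anyone running one of the cookie-based web applications mentioned above, here is a quick way to check which cookies in a response would still travel over plain http, where they can be read off the network. This is an added example, not part of the original post; the response headers, cookie names and function names are constructed for illustration.

```python
# Constructed sample response headers (not captured from any real site).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly
Set-Cookie: prefs=lang%3Den; Path=/; Secure
Set-Cookie: AUTH=deadbeef; Domain=.mail.example; Path=/; Secure; HttpOnly
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(raw_headers, page_scheme):
    """Return (cookie_name, finding) pairs for cookies exposed on the network.

    page_scheme is the scheme ("http" or "https") the response was fetched over.
    """
    findings = []
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue  # status line, other headers
        name, attrs = parse_set_cookie(value)
        if page_scheme != "https":
            # The cookie itself was delivered unencrypted.
            findings.append((name, "set over plain http"))
        elif "secure" not in attrs:
            # Delivered over https, but the browser will also attach it
            # to any later http:// request to the same host.
            findings.append((name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, audit_cookies(SAMPLE_RESPONSE, scheme))
```

A cookie reported under https as "missing Secure attribute" is the one to fix first, since a single http request to the same host is enough to expose it.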





