Gmail not so secure

How do you log in to Gmail, over plain http or over https? If you use plain http, I'm afraid you are at risk: your session could be hijacked by an attacker on the same network.

Recently, Robert Graham, the CEO of Errata Security, demonstrated how he hijacked a victim's (a co-worker's) Gmail session using a simple tool, not yet released, called Hamster. To learn the nitty-gritty of how he does it, check this post. The attack is not peculiar to Gmail: Yahoo, Hotmail and any other web application that identifies a logged-in user by a cookie sent over plain http suffer from it.

Don't panic. With Gmail there is a way to protect yourself against this attack: the next time you log in, use https://mail.google.com instead of http://mail.google.com. This encrypts the whole session, from your username and password through to the emails you send and receive, so an attacker sniffing the network cannot read your session cookie and it becomes very hard to hijack your session. Gmail has offered this for a while, but most of the time we ignore it, forget about it, or simply don't know it exists. So next time you log in to Gmail, remember to use https.
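As an added illustration (not code from the original post or from Google), here is a small Python check for the weakness the post describes: a session cookie that the browser will also send over plain http, and a login page that does not push you onto https. The two sample responses are constructed, not captured from Gmail.

```python
from http.cookies import SimpleCookie

# Constructed sample responses to a plain-http request to a login page.
# The cookie name "SID" and the domain are hypothetical.
INSECURE_RESPONSE = {
    "status": 200,
    "set-cookie": ["SID=abc123; Domain=.example.com; Path=/"],
}
SECURE_RESPONSE = {
    "status": 302,
    "location": "https://mail.example.com/",
    "set-cookie": ["SID=abc123; Domain=.example.com; Path=/; Secure"],
}


def audit_cookies(response):
    """Return a finding for every cookie that lacks the Secure attribute.

    Without Secure, the browser attaches the cookie to plain-http requests
    too, which is exactly what a passive sniffer on the network needs to
    replay the session.
    """
    findings = []
    for header in response.get("set-cookie", []):
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # SimpleCookie stores the Secure flag as True when present, "" otherwise.
            if not morsel["secure"]:
                findings.append(f"{name}: missing Secure attribute, sent over plain http")
    return findings


def http_login_is_redirected_to_https(response):
    """True if a plain-http request to the login page is redirected to https."""
    return response.get("status") in (301, 302, 307, 308) and response.get(
        "location", ""
    ).startswith("https://")


if __name__ == "__main__":
    for label, resp in (("insecure", INSECURE_RESPONSE), ("secure", SECURE_RESPONSE)):
        print(label, audit_cookies(resp), http_login_is_redirected_to_https(resp))
```

Run against real headers (for example from a curl -I of the login URL over http), an empty findings list plus a redirect to https is what you want to see.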

One Comment

d-arb on September 17th, 2007

Hey, you can download an add-on for Firefox called Better Gmail, which is a set of Greasemonkey scripts that improve a number of aspects, the most crucial being forcing the use of https for all Gmail sessions.
