A Good Reason To Go Full-Time SSL For Gmail

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Read more @ Hungry Hackers



No tags here.
Posted under Web Marketing on August 19th, 2008 |

Leave a comment

About the author
Colin Receveur is a nationally recognized speaker, author, and dental web marketing expert who has pioneered the way dentists market themselves online for the past decade. Since incorporating in 2001, Colin has established a rock solid track record with his dentist clients and turned SmartBox into a stalwart of proven results for hundreds of dental practices.