A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the hacking tool, is planning to release it in two weeks.”

The solution is to set Permanent SSL in Gmail

1. Sign in to Gmail.
2. Click Settings at the top of any Gmail page.
3. Set ‘Browser Connection’ to ‘Always use https.’
4. Click Save Changes.
5. Reload Gmail.

Note: People with Gmail Notifier will need to download a patch here

Mobile/Firefox Users: I will make the immediate assumption that enabling permanent SSL will break all mobile access/apps and Firefox plugins. Edit: Palm T|X browser works, Palm TREO browser works, Gmail manager in FF3 works.

This is especially important for anyone using unsecured WiFi networks or anyone residing in buildings with unsecured networks. Although you may not know it, your wifi connection may jump on unsecured networks without your knowing. This has happened to me many times. This will put you at risk.

While you’re at it, update that password. And throw in a few weird characters and numbers. Something like ‘W@rri0rF0rum” goes a long way.

Albert

Similar Posts:

    None Found

Tagged with:

Filed under: News

Like this post? Subscribe to my RSS feed and get loads more!

Possibly related posts

    None Found