
Your Gmail Account Might Be Hacked Soon

August 19, 2008

Problem:

A tool that automatically steals the session IDs of unencrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. This tool will be released to the public in two weeks.

Even though Gmail forces the login itself over SSL (Secure Socket Layer), you are not secure, because once authentication is done it reverts to a regular unencrypted connection. According to Google this behavior was chosen for the sake of low-bandwidth users, since SSL connections are slower.

The problem lies in the fact that every time your browser requests anything from Gmail, even an image, it also sends your Gmail cookie along with the request. An attacker sniffing traffic on the same network can therefore inject an image served from http://mail.google.com into a page you load and force your browser to send the cookie in the clear, which reveals your session ID. With that session ID the attacker can use the account without needing the password. People checking their e-mail from public wireless hotspots are obviously more likely to be attacked than those using wired networks. (Source)

Solution:

Go to your Gmail Settings, General tab, scroll down and select “Always use https” under Browser Settings, then click Save Settings.

Another good tool is the Customize Google extension for Firefox. It has many useful options, including one that forces https.
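An added illustration (not part of the original post) of why forcing https matters: a browser-style cookie jar attaches the session cookie to a plain-HTTP image request unless the cookie carries the Secure attribute, which a server can only rely on once the whole session is HTTPS. It also includes a small check for Set-Cookie headers that lack that attribute. Cookie name, value and image URL are constructed for the example.

```python
import http.cookiejar
import urllib.request

# Host the article talks about; cookie name/value below are constructed.
GMAIL_HOST = "mail.google.com"
SESSION_VALUE = "constructed-session-id"


def make_session_cookie(secure: bool) -> http.cookiejar.Cookie:
    """Build a Netscape-style (version 0) session cookie for GMAIL_HOST.

    `secure` is the cookie's Secure attribute: a conforming client only
    sends such a cookie over TLS, never on a plain http:// request.
    """
    return http.cookiejar.Cookie(
        version=0, name="SID", value=SESSION_VALUE,
        port=None, port_specified=False,
        domain=GMAIL_HOST, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def session_cookie_header(url: str, secure: bool):
    """Return the Cookie header a cookie jar would attach to `url`, or None.

    This is the browser-side decision the attack in the article relies on:
    with secure=False the cookie rides along on an http:// image fetch.
    """
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(make_session_cookie(secure))
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def set_cookie_missing_secure(set_cookie_header: str) -> bool:
    """True if a Set-Cookie header line does not carry the Secure attribute.

    Useful when auditing a site's responses: any session cookie issued
    without Secure will be exposed on the first plain-HTTP request.
    """
    attrs = [part.strip().lower() for part in set_cookie_header.split(";")]
    return "secure" not in attrs[1:]


if __name__ == "__main__":
    image = f"http://{GMAIL_HOST}/mail/images/logo.gif"  # constructed URL
    print("plain cookie on http image:", session_cookie_header(image, False))
    print("Secure cookie on http image:", session_cookie_header(image, True))
```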

Sources and Further Reading:

Why You Should Turn Gmail’s SSL Feature On Now (Webmonkey)
Gmail Account Hacking Tool (Hacking Truths)

11 comments

  1. LMAO! I love the Lain picture you used for this! XD And it’s a good thing that I don’t have a Gmail account, dunno why I just never trusted google e-mail…O.O Hypocritical, cause I use google about 50 times a day! ^.^


  2. Yup, Lain can be evil sometimes! :P

    Gmail is fine, you just have to be vigilant of possible problems. Besides, it is 7GB of free space :)


  3. Great use of a picture of Lain, surprisingly appropriate. I as well don’t use Gmail, but only because I simply dislike the design of the Google mail site. Nonetheless, thanks for the heads-up!


  4. Lain has many themes and expressions :)

    Ah, that’s good – you are safe then :)


  5. Thank you for the heads-up on this issue! I have made the fix on my gmail account. I see that it does not default to “always using https”


  6. You are welcome :)


  7. [...] of celestialkitsune <— click here to read [...]


  8. Even though I use yahoo, thanks for keeping me in the know! =]


  9. Yes, yahoo is a good alternative :)


  10. Indeed.


