PSA: Switch your gmail over to SSL


waggy

No Lifer
Dec 14, 2000
68,145
10
81
Oh no! Someone might find out I need a dick enlarger!

My gmail is full of spam. The only time I use it is on sites that might send me junk.
But thanks for the heads up!
 

silverpig

Lifer
Jul 29, 2001
27,709
11
81
I'm pretty happy about this as I use my gmail for everything. I have all my real email accounts set to forward to gmail, I can send email from any of my real accounts through gmail, I get gmail on my ipod, it's basically the center of my email world.
 

middlehead

Diamond Member
Jul 11, 2004
4,573
2
81
I'd been using extensions to cover this for a while now, bout damn time Google did it themselves.
 

biggestmuff

Diamond Member
Mar 20, 2001
8,201
2
0
You are also able to see if any other gmail sessions are open. The tiny script and third line up from the bottom, click 'Details'. A window will pop up and will tell you any other open gmail sessions. You may then log out the other session.
 

FeuerFrei

Diamond Member
Mar 30, 2005
9,152
928
126
Fixed.
However, I 'never' check my Gmail with my browser.
I go with POP access via Outlook Express.
 
Aug 25, 2004
11,166
1
81
Originally posted by: newb111
That setting doesn't seem to exist for google apps for domain. Oh well. I just make sure all my bookmarks for gmail use https.

There is a GreaseMonkey script called GMailSecure that will always switch gmail & gmail for apps from http to https.
 

Codewiz

Diamond Member
Jan 23, 2002
5,758
0
76
I'm guessing not many here read how this works?

Just using https while not enabling the preference will not fix it. This vulnerability only works when the attacker can grab your session id over unsecured channels. E.g. unprotected wireless in places like airports. The attacker must have access to sniff your connection. Then the attack provides a page that links back to an http page at google. Google will give up your session ID because you are already authenticated. The attacker can then take the session id and use your account.

If you don't set this preference in google, the attack will still work even though you use https. You MUST set the preference to always use HTTPS and google will ignore the http request.

So in layman's terms this is what is required.

Access to sniffing your connection.
Preference not set
Get you to click on a link that links to some image on Google's non secure http page.
Attacker grabs your session id and runs away with your account.

GOOD BROWSING PRACTICES!!!! Especially if paranoid.
Go home and setup an SSH server
Learn how to use SSH to tunnel traffic
Anytime you are using an UNTRUSTED wireless connection use the ssh tunnel
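
An added illustration of the point in Codewiz's post above (not part of the thread and not Google's code): a small model of browser cookie scoping showing why an https bookmark alone does not keep the session id off the wire. It assumes the session id travels in a cookie and that the "always use https" preference corresponds to the cookie's `Secure` attribute; the cookie name `SID`, the host `mail.example` and the header values are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def parse_set_cookie(headers, origin_host):
    """Parse Set-Cookie header values into {name: attributes}."""
    jar = {}
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = {
                "secure": bool(morsel["secure"]),
                # No Domain attribute: fall back to the host that set the cookie.
                "domain": (morsel["domain"] or origin_host).lstrip(".").lower(),
                "path": morsel["path"] or "/",
            }
    return jar

def cookies_sent(jar, url):
    """Names of cookies a browser would attach to a request for url."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    sent = []
    for name, c in jar.items():
        domain_ok = host == c["domain"] or host.endswith("." + c["domain"])
        path_ok = path.startswith(c["path"])  # simplified path match
        # A Secure cookie is withheld from any request that is not https.
        scheme_ok = parts.scheme == "https" or not c["secure"]
        if domain_ok and path_ok and scheme_ok:
            sent.append(name)
    return sorted(sent)

def exposed_in_cleartext(jar, urls):
    """Map each plain-http URL to the cookies that would travel unencrypted."""
    return {u: cookies_sent(jar, u) for u in urls
            if urlsplit(u).scheme == "http" and cookies_sent(jar, u)}

# Constructed sample data (not captured from Gmail).
PREF_OFF = ["SID=constructed-session-id; Domain=mail.example; Path=/; HttpOnly"]
PREF_ON = ["SID=constructed-session-id; Domain=mail.example; Path=/; Secure; HttpOnly"]
REQUESTS = ["https://mail.example/inbox",            # the user's own https bookmark
            "http://mail.example/images/logo.gif"]   # http image linked from another page

if __name__ == "__main__":
    for label, headers in (("preference off", PREF_OFF), ("preference on", PREF_ON)):
        jar = parse_set_cookie(headers, "mail.example")
        print(label, "->", exposed_in_cleartext(jar, REQUESTS) or "nothing in cleartext")
```

The same check applies to any site: a session cookie set without `Secure` is sent on every matching http request, whatever scheme the user typed.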

 

clamum

Lifer
Feb 13, 2003
26,255
403
126
Originally posted by: KLin
Originally posted by: Raduque
Why is that douchebag going to release a tool like that?

Because he can.
Yeah that's what I'm wondering, why do something like that? Douchebag is right. :thumbsdown:
 

jjones

Lifer
Oct 9, 2001
15,425
2
0
Gmail is a junk mailbox for me so I'm not bothering with this; besides, as per Codewiz's post describing the nature of the attack, it's extremely unlikely (read: never) that I'll ever be subject to it.

But thanks for the heads up anyway.
 