something new
Wednesday, 2 September 2009 4:58 am by noel | posted in tech | tags: gmail, internet
this is a follow-up post to securing your gmail.
google has made it easier for you to permanently use https when you access your gmail account. that covers login, logout and everything in between. in gmail, click on “settings”, located at the upper right-hand corner of the browser screen. this will bring you to the general settings of your gmail account. scroll down to the bottom and you will see “browser connection”. click on “always use https” and then click on “save changes”.
please understand that doing this will make your gmail session a tiny bit slower because of all the encryption/decryption that’s going on between your browser and google mail. the upside is you secure your gmail account.
there exists a tool that can “automatically steal ids of non-encrypted sessions and breaks into google mail accounts” and it will be released to the public in a few weeks. the tool was presented at the recent hackers’ conference in las vegas called defcon. click on the link above if you want more technical details.
essentially what the tool does is to allow a hacker (unsuspecting or otherwise) to get into your gmail account and do what s/he pleases — like change the password. scary stuff.
the solution is simple enough — encrypt your entire gmail session and not just the login portion. to do that, both the server (google mail) and the client (your browser) have to talk to each other via ssl (secure sockets layer) all the time. fortunately, google was informed of the vulnerability about a year ago so they took steps to implement ssl on their side of the fence. browsers have ssl support built in.
all you have to do is add an “s” to the “http” portion of the google mail address, making it look like “https” (without the quotes of course), and you’re done. preferably, you should do this at the start of your gmail session when you log in.
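to see why encrypting only the login is not enough, here is an added example (not code from this post or from google) that lists which cookies a browser would send in the clear during a session. it assumes the session id travels in a cookie scoped to the whole site; the host, cookie names and values are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample data: Set-Cookie headers a hypothetical webmail server sends at login.
SAMPLE_HEADERS = [
    "session_id=constructed123; Path=/; HttpOnly",   # no Secure attribute
    "login_token=constructed456; Path=/; Secure",    # only ever sent over https
]
# Constructed sessions: one encrypts the login only, one encrypts everything.
LOGIN_ONLY_HTTPS = ["https://mail.example.test/login", "http://mail.example.test/inbox"]
ALWAYS_HTTPS = ["https://mail.example.test/login", "https://mail.example.test/inbox"]


def parse_set_cookie(header):
    """Return (cookie_name, attributes) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def exposed_cookies(set_cookie_headers, session_urls):
    """Map each plaintext (http) URL to the cookie names sent unencrypted with it.

    Simplification: every cookie is assumed to match the host and path of every URL.
    """
    cookies = [parse_set_cookie(h) for h in set_cookie_headers]
    exposed = {}
    for url in session_urls:
        if urlsplit(url).scheme.lower() != "http":
            continue  # https request: cookies travel inside the encrypted channel
        # A browser withholds Secure cookies from http requests and sends the rest.
        names = [name for name, attrs in cookies if "secure" not in attrs]
        if names:
            exposed[url] = names
    return exposed


if __name__ == "__main__":
    for label, urls in (("login-only https", LOGIN_ONLY_HTTPS), ("always https", ALWAYS_HTTPS)):
        print(label, "->", exposed_cookies(SAMPLE_HEADERS, urls) or "nothing sent in the clear")
```

with the login-only session the session cookie shows up on the plain http inbox request, which is the id a sniffing tool would pick up; with https everywhere nothing is exposed.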