Though it’s not specific to Gmail, or easily exploitable by users outside your network, a session hijacking demonstration by Robert Graham showed hackers how to take over a user’s email account by simply sniffing network traffic and stealing cookies. In the demonstration, George Ou volunteered an email address he created to be hacked into — and it didn’t take long. Within seconds, the attacker was able to use a point-and-click interface to get access to this account and send a message from it.
The demonstration highlights how easily insecure network traffic can make for some very simple session hijacking. One way you can avoid having your Gmail account taken over by people on your network is to use the SSL version — be warned though, any website that relies heavily on cookies for authentication remains vulnerable if those cookies can still be sent in the clear.
If you don’t have Greasemonkey installed, or you still use Internet Explorer, get used to typing “https://www.gmail.com” to check your email — doing this will safeguard you from prying eyes through network sniffing. If you have Firefox, you can install this Greasemonkey script to ensure your session always remains in “secure mode”.