Bad news this week for Gmail users. Gmail accounts are vulnerable to a new hack that allows intruders to easily steal your username and password. This new hack has been shown at the 2008 Defcon in Las Vegas this week. The hackers are planning to release it on the Internet to the general public in two weeks.
When you log in to Gmail the website sends a cookie (a small text file) containing your session ID to the browser. This cookie lets the website know that you are authenticated and keeps you logged in for two weeks, unless you manually hit the sign out button; signing out clears the cookie. The good news is that there is an easy way to protect yourself.
The problem is that every time you access anything on Gmail, even an image, your browser also sends this cookie to the website. An attacker sniffing traffic on the network can therefore insert a reference to an image served from http://mail.google.com (plain, unencrypted HTTP), forcing your browser to send the cookie in the clear and revealing your session ID. Once this happens the attacker can use the account without needing your password. People checking their e-mail from public wireless hotspots are obviously more likely to be attacked than those on secure wired networks.
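To make the mechanism concrete, here is an added example (not from the original post) that uses Python's standard-library cookie jar as a stand-in for the browser: a session cookie received at login is attached to a plain-HTTP image request exactly as described above, unless the cookie carries the Secure attribute, in which case the browser only sends it over HTTPS. The cookie name GX, its value and the image URL are constructed for the example.

```python
"""Why a session cookie without the Secure attribute leaks over plain HTTP.

Uses only the standard library; the Set-Cookie values below are constructed.
"""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class _FakeResponse:
    """Minimal stand-in for an HTTP response: CookieJar only needs .info()."""

    def __init__(self, set_cookie: str):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def browser_after_login(set_cookie: str) -> CookieJar:
    """Simulate a browser that logged in over HTTPS and received Set-Cookie."""
    jar = CookieJar()
    login = Request("https://mail.google.com/")  # login response arrives over TLS
    jar.extract_cookies(_FakeResponse(set_cookie), login)
    return jar


def cookie_header_sent(jar: CookieJar, url: str):
    """Return the Cookie header the browser would attach to url, or None."""
    req = Request(url)
    jar.add_cookie_header(req)  # applies the jar's policy, incl. the Secure check
    return req.get_header("Cookie")


# Constructed session-ID cookie without the Secure attribute ...
WEAK = "GX=constructed-session-id; Path=/"
# ... and the hardened form that the browser refuses to send over plain HTTP
HARDENED = "GX=constructed-session-id; Path=/; Secure"

PLAINTEXT_IMAGE = "http://mail.google.com/some-image.gif"  # constructed URL
TLS_PAGE = "https://mail.google.com/mail/"

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        jar = browser_after_login(header)
        print(label, "over http :", cookie_header_sent(jar, PLAINTEXT_IMAGE))
        print(label, "over https:", cookie_header_sent(jar, TLS_PAGE))
```

The weak cookie is sent on both requests, so a sniffer sees the session ID as soon as the plain-HTTP image loads; the Secure cookie is sent only on the HTTPS request, which is the same effect the always-use-https setting achieves from the user's side.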
Last week Google introduced a new feature that allows users to encrypt their user names and passwords when accessing Gmail over unsecured networks, or even all of the time. You can permanently switch on SSL and use it for every action involving Gmail, not only authentication. This will keep your identity and personal data safe from harm.
To protect yourself, simply log in to your Gmail account and go to "Settings". Under "General Settings" you will find the option to use https on all of your browser connections. Do this now!
You may find that Gmail is considerably slower over the HTTPS connection, because browsers do not cache these pages and must reload the code that makes Gmail work each time you change screens.
If you would like to use https only when you are on unsecured public networks, simply type https://mail.google.com into your browser's address bar before you log in. This uses the SSL version of Gmail for that session only.
Safe browsing folks!