roseembolism wrote 2008-08-20 11:13 am

WARNING! New G-Mail hack, and simple way to defend yourself

For the G-mail users out there, a new warning has come out regarding a security flaw in G-mail. According to the article in Hacking Truths, this can allow hackers to steal your Google ID and access your mail. Fortunately, the solution is very simple and just requires a setting change.

Log into Gmail account.
Go to Settings (top of the page next to username).
Go to the last entry in the settings page: set it to "Always use https".
Click Save and you're safe. 

Alternately, you can connect to gmail using https://mail.google.com, which will set it to the secure SSL version.

(Anonymous) 2008-08-20 06:32 pm (UTC)
Thanks for the tip!

cjsmith.livejournal.com 2008-08-20 06:38 pm (UTC)
Good point. Session cookies bad; news at 11. Where I work, we use session cookies unencrypted too, but we also a) don't really have any sensitive info, and b) ask for the previous password when the user wants to change it. This is the first time I've heard of a problem where more sensitive stuff is linked to a single session cookie over a non-encrypted connection; maybe this will alert web types to avoid that kind of design in the future.
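An added example, not part of the post or of any comment in this thread: a small Python audit of the risk discussed above, a session cookie travelling over a non-encrypted connection. It takes a site's `Set-Cookie` headers and a list of requested URLs and reports which cookies a browser would attach to plain-HTTP requests. The host name, cookie names and tokens are constructed sample data, and the matching is simplified to host-only cookies with prefix path matching.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def cleartext_exposures(set_cookie_headers, cookie_host, request_urls):
    """Return (url, cookie_name) pairs for cookies sent over plain HTTP.

    Assumption: host-only cookies and simple prefix path matching.
    """
    cookies = [parse_set_cookie(h) for h in set_cookie_headers]
    exposed = []
    for url in request_urls:
        u = urlsplit(url)
        if u.scheme != "http" or u.hostname != cookie_host:
            continue  # HTTPS requests and other hosts do not leak these cookies
        for name, _, attrs in cookies:
            if "secure" in attrs:
                continue  # Secure cookies are never attached to http:// requests
            if (u.path or "/").startswith(attrs.get("path", "/")):
                exposed.append((url, name))
    return exposed

# Constructed sample data (not taken from any real site).
SAMPLE_HEADERS = [
    "SESSION=constructed-token-1; Path=/; HttpOnly",
    "SESSION_S=constructed-token-2; Path=/; Secure; HttpOnly",
    "prefs=compact; Path=/settings",
]
SAMPLE_REQUESTS = [
    "https://mail.example.test/inbox",
    "http://mail.example.test/images/logo.png",
    "http://mail.example.test/settings/theme",
    "http://other.example.test/",
]

if __name__ == "__main__":
    for url, name in cleartext_exposures(SAMPLE_HEADERS, "mail.example.test", SAMPLE_REQUESTS):
        print(f"{name} sent in cleartext with {url}")
```

In the sample, `SESSION` leaks on every plain-HTTP request to the host even though the inbox itself was loaded over HTTPS, while `SESSION_S`, which carries the `Secure` attribute, never does.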

ronebofh.livejournal.com 2008-08-20 06:42 pm (UTC)
"maybe this will alert web types to avoid that kind of design in the future."

ha ha ha ha ha

roseembolism.livejournal.com 2008-08-20 07:48 pm (UTC)
From the article, the person who pointed this flaw out was both happy that Google did something about the exploit, and unhappy that they chose not to publicize anything about it.

...you know, it occurs to me I'm using hatekitty as an icon far too much today.

cjsmith.livejournal.com 2008-08-20 08:16 pm (UTC)
Yeah, ok, I'm an incurable optimist. :-)