Gmail security vulnerability
Filed in archive Wireless on February 1, 2008
ArsTechnica reports what security researcher, Robert Graham, discovered whilst using Google Mail.
His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.
This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.
The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.
His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.
Permalink: Gmail security vulnerability
Tags: security vulnerability SSL HTTPS google gmail mail 2007 security+vulnerability
Vote for Gmail security vulnerability:
|
Rating: 10.00 out of 2 vote(s) cast.
|
| RSS |  |
 | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Follow us on Twitter! |
Most Popular
About the blog
Accessories
Best of
Blog
Books
Business
Did you know
Environment
Events
Fashion
Hardware
Headset
Health
Home Office
Humor
Information About
Internet
Internet telephony
Legal
Lifestyle