Whole Network Most Recent TOP10 Hardware Lifestyle Online Services Wireless

« iPhone now supports Web... | Main | How to 3G-enable your... »

Gmail security vulnerability

Filed in archive Wireless by Rom Feria on February 01, 2008

ArsTechnica reports what security researcher, Robert Graham, discovered whilst using Google Mail.

His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.

This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.

The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.

Permalink: Gmail security vulnerability
Tags: security vulnerability SSL HTTPS google gmail mail 2007 security+vulnerability

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/112600

Related Entries:

Vulnerability in Gmail - 02 March 2006

Security Vulnerability Reported In GIF Images Processing In... - 17 January 2007

Linux lags in security - 23 March 2007

Security of Red Hat Enterprise Linux 4 - 18 April 2007

Vote for Gmail security vulnerability:

Currently 10.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 10.0 out of 2 vote(s) cast.

RSS	\| See all blog subscribe options
Google	\| What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter

Check out our Sponsored Blogs!
The Mobile Technology Weblog

Contributors (Last 90 days)
Rom Feria (20)
This site has 496 entries and is powered by Creative Weblogging since February 2007.
Do you want to start or edit an existing blog for us and get paid? More info.
Do you want to advertise on this blog? We have great ideas!
Do you have tips for us? Send them!

Advertise with us
Learn more about our advertising options or email advertising - at - creative-weblogging.com or give Luis a call at +1 (650) 331 8047.

Try the new the-wireless-wiki.com

Other blogs in the same channel in the Creative Weblogging Network

Disclaimer
Some of the contents of this site are protected Creative Weblogging Ltd. 2004-2008.

Add your response to Gmail security vulnerability:
Name: *	Email: (will never be shown)*	URL:

(* marked fields are required)
Notify me if more comments appear?	Subscribe to Tech Without Wires newsletter? (Newsletters are sent out weekly).	Remember me
Security Code: * (Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)


We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Tell a friend about Gmail security vulnerability
Recipient email:*	Your email:*

(* Both email addresses are required for sending this article. They will never be shown or used for any marketing purposes)
Please enter a message which will be shown together with the article:

Security Code: (Please help us to sort out spam.)

Gmail security vulnerability

Filed in archive Wireless by Rom Feria on February 01, 2008

Related Entries:

Vote for Gmail security vulnerability:

Add your response to Gmail security vulnerability:

Tell a friend about Gmail security vulnerability

Check out our Sponsored Blogs!

Our Editors recommend

Contributors (Last 90 days)

Categories

Archives

Advertise with us

Most popular

Recent Comments

Other blogs in the same channel in the Creative Weblogging Network

Wireless & Mobile

Disclaimer

Find more recent entries from our other publications:

The Mobile Technology Weblog

The Wireless Weblog

Supplychainer

The RFID Weblog

The Smart PDA

Philoneist