Gmail security vulnerability
Filed in archive Wireless by Rom Feria on February 01, 2008
His technique (nicknamed sidejacking) intercepts session ID cookies from the WiFi signal, which can then be used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.
This happens even with SSL, since Gmail attempts to connect in both SSL-secured mode and non-SSL mode. So when you access the SSL-enabled site and the connection fails, it automatically reconnects with the non-SSL version. This makes your password vulnerable to sniffing.
The "good" news, however, is that Gmail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure they know when their transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.
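Whether a session cookie can be sidejacked depends on whether the browser will ever attach it to a non-SSL request. The following Python check is an added example, not part of the original post: it parses constructed `Set-Cookie` headers and reports which session cookies would travel in cleartext after a fallback to `http://`. The cookie names, values and the host `mail.example.test` are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers for a hypothetical webmail login response.
SAMPLE_SET_COOKIE = [
    "SESSIONID=3f9a1c; Path=/; HttpOnly",     # no Secure attribute
    "AUTH=77b2e0; Path=/; Secure; HttpOnly",  # restricted to SSL requests
    "PREFS=lang-en; Path=/",                  # not a session credential
]


def parse_cookies(headers):
    """Return {name: Morsel} for a list of Set-Cookie header values."""
    jar = {}
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        jar.update(parsed)
    return jar


def cookies_sent(jar, url):
    """Names of cookies a browser would attach to a request for url.

    Simplified model: only the Secure attribute is evaluated; domain and
    path matching are left out because every sample cookie uses Path=/.
    """
    scheme = urlsplit(url).scheme
    return sorted(
        name for name, morsel in jar.items()
        if scheme == "https" or not morsel["secure"]
    )


def exposed_on_fallback(headers, session_names):
    """Session cookies sent in cleartext if the client falls back to http://."""
    jar = parse_cookies(headers)
    sent = cookies_sent(jar, "http://mail.example.test/inbox")
    return [name for name in sent if name in session_names]


if __name__ == "__main__":
    for name in exposed_on_fallback(SAMPLE_SET_COOKIE, {"SESSIONID", "AUTH"}):
        print(f"{name}: sent over plain HTTP, readable on an open WiFi network")
```

A cookie flagged here needs the `Secure` attribute, and the site needs to stop serving the authenticated session over non-SSL connections.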