Filed in archive
Wireless
by Rom Feria on February 2, 2008
ArsTechnica reports what security researcher, Robert Graham, discovered whilst using Google Mail.
This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.
The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.
His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.
This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.
The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.
Permalink: Gmail security vulnerability
Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/112600
Addthis
Ask
Blinklist
del.icio.us
Digg
Fark
Facebook
Google
Lycos
Ma.gnolia
Mr Wong
Netscape
Netvousz
Newsvine
Reddit
StumbleUpon
Slashdot
Tailrank
Technorati
Wink
Yahoo
Vote for Gmail security vulnerability:
|
Rating: 10.00 out of 2 vote(s) cast.
|
Subscribe
Use the search to look for other interesting posts
| RSS |  See all blog subscribe options |
 What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |
