Filed in archive
Wireless
by Rom Feria on February 2, 2008
ArsTechnica reports what security researcher, Robert Graham, discovered whilst using Google Mail.
This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.
The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.
His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.
This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.
The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.
Permalink: Gmail security vulnerability
Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/112600
Mr Wong
Vote for Gmail security vulnerability:
|
Rating: 10.00 out of 2 vote(s) cast.
|
Subscribe
Use the search to look for other interesting posts
| RSS | See all blog subscribe options |
|
What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |







