Whole Network Books Hardware Health Lifestyle Mobile Phones Online Services Wireless

« iPhone now supports Web C... | Main | How to 3G-enable your iPh... »

 

Gmail security vulnerability

Filed in archive Wireless by Rom Feria on February 1, 2008

ArsTechnica reports what security researcher, Robert Graham, discovered whilst using Google Mail.

Google mail


His technique (nicknamed sidejacking), intercepts session ID cookies from the WiFi signal and used for a number of purposes, including sending and receiving e-mail. This type of attack takes place after the end-user has securely logged on to a service.


This happens even with SSL since Gmail attempts to connect both in SSL-secured mode and non-SSL mode. So when you access the SSL enabled site, if it fails, it will automatically reconnect with non-SSL version. This makes your password vulnerable to sniffing.

The "good" news, however, is that GMail is not the only one affected. :( This may be the wake-up call for all road warriors to make sure that you know when your transactions are secure. I wonder if the direct SMTP and POP/IMAP access to Gmail are also vulnerable.





Permalink: Gmail security vulnerability
Tags: security  vulnerability  SSL  HTTPS  google  gmail  mail  2007  security+vulnerability 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/112600

Bookmark this entry:

img Addthis img Ask img Blinklist img del.icio.us img Digg img Fark img Facebook img Google img Lycos img Ma.gnolia Add this page to Mister Wong Mr Wong img Netscape img Netvousz img Newsvine img Reddit img StumbleUpon img Slashdot img Tailrank img Technorati img Wink img Yahoo

Related Entries:

Vulnerability in Gmail - 02 March 2006

Security Vulnerability Reported In GIF Images Processing In ... - 17 January 2007

Linux lags in security - 23 March 2007

Security of Red Hat Enterprise Linux 4 - 18 April 2007





RSSrss   | See all blog subscribe options
Google google   |   What is RSS?
Yahoo! yahoo
Addthis Subscribe using any feed reader!
Bloglines Bloglines
Newsletter
Grouptivity

Use the search to look for other interesting posts



 

  • Advertise with us

  • Learn more about our advertising options or email advertising - at - creative-weblogging.com or give us a call at +1 (650) 331 4900.




  • Other blogs in the same channel in the Creative Weblogging Network







 

Find other popular posts from our other blogs:

The Mobile Technology Weblog

Mosquito Noise Hijacked by Teens

Pokémon Coming to Mobile

Habbo Hotel Gets Cash, Goes Mobile

Free SMS Site List

MXit Version 5 Announced

The RFID Weblog

RFID Can Solve Parking Woes

Downloadable RFID PowerPoint...

TagZapper, Wall Street Journal and the...

Get a Free Copy of New RFID Book

Win a RAZR Phone

Supplychainer

Free download of a supply chain book!

Tata motors wins supply chain excellence...

About the author

Coca Cola to restructure its supply...

Supply Chain Management for beginners...

The Smart PDA

The Motorola Ming (A1200)

The Nokia N95 Announced

Know a Lot About the Nokia N95

A Vista Theme for Your Windows Mobile...

LG KS360 comes to Europe

The Wireless Weblog

Don't Want to Get Sued by the RIAA? Just...

Vodafone in Qatar

Trying to Destroy the G'zOne Type-V

Free Laptop With a One-Year WiMax...

SafeLink Wireless to Give Free Phones to...

BootStrapMe

Happy Birthday to me!

Bootstrapping workshop scheduled for...

How to find a bootstrapping job

Create a bootstrap breakfast in your...

Bootstrap venture gains momentum

About the company | Advertise with us | Disclaimer | Privacy Policy | Refund/Return Policy

All Creative Weblogging sites are built in accordance with the Google Webmaster Guidelines and IAB guidelines.

Tagcloud: About the blog Accessories Blog Books Business Environment Events Fashion Hardware Headset Health Home Office Humor Internet Internet telephony Legal Lifestyle Marketing Mobile Phones Mouse Multimedia News Online Services Open Formats Protection Small business Software Sponsored Post Storage Wireless