
Alert: Enable "Always use https" setting in GMail

by Shanmuga

Google last week introduced a security setting designed to protect GMail users' sessions from being hijacked. The setting is provided as an option on the "Settings" page of your GMail account. If you haven't enabled the "Always use https" option, it's time to do so now, because an automated cookie-stealing tool was demonstrated at the Defcon hacker conference last week.

In the words of Brian Krebs, "To put this attack in perspective, consider the following scenario. You log into your GMail account on a wireless hotspot at the local coffee bar, being careful to do so by clicking on a bookmark that sends you to https://mail.google.com. In between reading your e-mail, for example, you surf over to another trusted Web site. A bad guy who has hijacked the establishment’s network sees that you’ve requested a new Web page and appends a tiny image at http://mail.google.com to the new page you requested. Bingo. Your browser will spit out the Gmail cookie with your credentials."

Google recommends selecting the "Always use https" option in GMail any time your network may be non-secure. To secure your GMail, sign in to your GMail account, click "Settings" at the top of the page and scroll down to "Browser connection".


Select "Always use https", click "Save Changes" and reload.
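The scenario Krebs describes comes down to one browser rule: a cookie without the Secure attribute is attached to plain-HTTP requests as well as HTTPS ones. The JavaScript sketch below is an added illustration, not code from the original post or from Google; the cookie names and token values are constructed, and it assumes that an HTTPS-only session cookie is one carrying the Secure attribute.

```javascript
// Simplified model of a browser's decision to attach a cookie to a request.
// Cookie names and values are constructed for illustration, not real Gmail cookies.
// Parse one Set-Cookie header value received from `requestHost`.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/",
                   domain: requestHost.toLowerCase(), hostOnly: true, secure: false };
  for (const attr of attrs) {
    const [rawKey, rawVal = ""] = attr.split("=");
    const key = rawKey.trim().toLowerCase();
    const val = rawVal.trim();
    if (key === "secure") {
      cookie.secure = true;
    } else if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false; // Domain= widens the cookie to subdomains
    } else if (key === "path" && val.startsWith("/")) {
      cookie.path = val;
    }
  }
  return cookie;
}

// True if the browser would send `cookie` with a request for `url`.
function wouldSend(cookie, url) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  const domainOk = host === cookie.domain ||
    (!cookie.hostOnly && host.endsWith("." + cookie.domain));
  const prefix = cookie.path.endsWith("/") ? cookie.path : cookie.path + "/";
  const pathOk = u.pathname === cookie.path || u.pathname.startsWith(prefix);
  // The Secure attribute is the only thing that ties a cookie to HTTPS.
  const schemeOk = !cookie.secure || u.protocol === "https:";
  return domainOk && pathOk && schemeOk;
}

// Names of the cookies in `jar` that would travel with a request for `url`.
function cookiesSentTo(jar, url) {
  return jar.filter((c) => wouldSend(c, url)).map((c) => c.name);
}

const jar = [
  parseSetCookie("SESSION_PLAIN=constructed-token; Path=/", "mail.google.com"),
  parseSetCookie("SESSION_TLS=constructed-token; Path=/; Secure", "mail.google.com"),
];
// The image request from the quoted scenario goes out over plain HTTP.
console.log(cookiesSentTo(jar, "http://mail.google.com/"));
console.log(cookiesSentTo(jar, "https://mail.google.com/mail/"));
```

Only the cookie without Secure accompanies the unencrypted request, which is why bookmarking the https:// address alone does not protect the session.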

Why Google has not made this the default option is a mystery. Your mail browsing could become a bit slower over SSL; could that be the reason? Or does Google think every user logs in from a secure, trusted network?

Better still, use a modern, secure email client that lets you access your Webmail through SSL, such as Mozilla Thunderbird, and you will be protected against cookie-stealing attacks. Use the Webmail only when you don't have access to your client, such as when you are on the road. When using the Webmail, always open a new browser window, and remember to manually sign out of your account and close the browser window.


CAROL V WALKER May 27, 2009 at 8:55 PM

Where is “settings” on the Gmail website?
