February 23rd, 2008 by Shanmuga
"At the last DefCon event, one of the attendees, ‘Hamster’ showed off how the cookies sent by your computer when signing into a Google account can be copied, allowing the account to be cloned by the hacker, and all the implications that carried.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Security | No Comments »
February 8th, 2008 by Shanmuga
"According to security researcher and CEO of Errata Security Robert Graham, Google’s JavaScript code makes HTTP requests in the background via an XMLHttpRequest. By default, these requests are SSL-encrypted—but if SSL fails, they change to nonencrypted mode. When a user attempts to connect to a WiFi hotspot, Google Mail attempts to connect with SSL both enabled and disabled. Even if the attempt fails, session-ID cookies are still transmitted to the router, and can therefore be captured by anyone sitting nearby with an appropriately configured software suite.
Read the rest of this entry »
If you enjoyed this post, make sure you subscribe to my RSS feed!
Category: Vulnerabilities | No Comments »
