AdvertisingAdvertise Contact UsContact Visitors comments to Malware Help. OrgComments

Subscribe: EMail, IM, Twitter, Skype Subscribe to Malware Help. Org Full Post Feed Full Post Subscribe to Malware Help. Org Summary Feed Summary

Browse > Home /

Google Mail vulnerable to sidejacking despite SSL

February 8, 2008 by Shanmuga  
Filed under Email Security, Vulnerabilities

Leave a Comment

malware-help0037-12-jan-08.jpg"According to security researcher and CEO of Errata Security Robert Graham, Google’s JavaScript code makes HTTP requests in the background via an XMLHttpRequest. By default, these requests are SSL-encrypted—but if SSL fails, they change to nonencrypted mode. When a user attempts to connect to a WiFi hotspot, Google Mail attempts to connect with SSL both enabled and disabled. Even if the attempt fails, session-ID cookies are still transmitted to the router, and can therefore be captured by anyone sitting nearby with an appropriately configured software suite.
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tags: , , ,

Private