A Good Reason To Go Full-Time SSL For Gmail

Posted by Colin Receveur , August 19, 2008

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Read more @ Hungry Hackers

SmartBox Web Marketing – Turnkey Local Online Advertising for Doctors & Professionals

About Colin Receveur

Colin Receveur is a nationally recognized speaker, author, and dental web marketing expert who has pioneered the way dentists market themselves online for the past decade. Colin and his wife live in Floyds Knobs, IN, just across the river from Louisville, KY. When he’s not enjoying a private evening at home with his bride you’ll probably find him out to dinner with his parents; his father who is a very successful dentist with his private practice, and his mother who is a top sales executive with a Fortune 100 healthcare organization. Their first child, Benjamin, was born January 19, 2013.
This entry was posted in Web Marketing. Bookmark the permalink.

Leave a Reply