Aug
28
During Defcon a new tool was mentioned that would automate the hacking of GMail accounts. This only applies that those of you using GMail, not the Google Hosted Apps.
The problem is in how GMail encrypts traffic. It only does SSL encryption during the login session. As described here and here, this leaves your actual email unencrypted and a door for someone to get into your account later.
The simple fix is to go into your account Settings, scroll to the bottom, select “Always Use HTTPS” and click save changes. This will cause your entire session with GMail to be encyrpted and mitigate the risk of your account being hijacked. Combine this with Perspectives and you have a pretty solid security setup.
no comment untill now