GMail Vulnerability – And How To Fix It

Posted by Chris DeMarco on Monday, March 9th, 2009 at 9:17 am

A recently exploited vulnerability allows an attacker to hijack your GMail session’s authentication. It affects users on public wireless networks in particular. Though the GMail team has provided a fix for this, not many people are aware of it.

It is extremely important to change this setting within your GMail account, especially if you access your mail from public networks.

Go into your GMail settings. At the very bottom of the first page, you will see the setting “Browser connection” with the options

  • Always use https
  • Don’t always use https

Choose the “Always use https” option. This forces GMail to keep your session on its secure (HTTPS) server the whole time you are accessing your mail. Otherwise, an attacker could capture your session ID and use it to get into your account.
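The mechanism behind this advice is the session cookie: a cookie the server has not marked with the Secure attribute is attached to every plain http:// request as well, so anyone listening on the same open wireless network can read it and replay it. The following Python checker (an added example, not code from the original post) parses Set-Cookie headers and reports which cookies a browser would send in the clear. The header values and the session cookie names SID and SSID are constructed for the example and are not GMail’s actual values.

```python
# Added example, not code from the original post: parse Set-Cookie headers and
# report which session cookies a browser would still attach to a plain http://
# request. A cookie without the Secure attribute travels in cleartext whenever
# the client touches an http:// URL, which is the exposure that forcing HTTPS
# closes. Header values and session cookie names below are constructed samples.
from dataclasses import dataclass, field


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    httponly: bool = False
    attributes: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value into a Cookie record."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")  # split on the first '=' only
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie.secure = True      # flag attribute, carries no value
        elif key == "httponly":
            cookie.httponly = True
        else:
            cookie.attributes[key] = val.strip()
    return cookie


def cookies_sent_over(scheme: str, cookies) -> list:
    """Names of cookies a browser would attach to a request using `scheme`.

    Over https every cookie is sent; over http only those lacking Secure.
    """
    scheme = scheme.lower()
    return [c.name for c in cookies if scheme == "https" or not c.secure]


def exposed_session_cookies(headers, session_names) -> list:
    """Session cookies an eavesdropper on the network could read over plain http."""
    cookies = [parse_set_cookie(h) for h in headers]
    sent_in_clear = set(cookies_sent_over("http", cookies))
    return [c.name for c in cookies
            if c.name in session_names and c.name in sent_in_clear]


# Constructed sample Set-Cookie headers (not real GMail headers): one session
# cookie without Secure, one with it, and a harmless preference cookie.
SAMPLE_HEADERS = [
    "SID=abc123; Domain=.mail.example.com; Path=/; HttpOnly",
    "SSID=def456; Domain=.mail.example.com; Path=/; Secure; HttpOnly",
    "PREF=ID=42:LD=en; Domain=.example.com; Path=/; Expires=Sun, 09-Mar-2011 09:17:00 GMT",
]
SESSION_COOKIE_NAMES = {"SID", "SSID"}  # assumed session cookie names for this example

if __name__ == "__main__":
    parsed = [parse_set_cookie(h) for h in SAMPLE_HEADERS]
    for c in parsed:
        print(f"{c.name:5} secure={str(c.secure):5} httponly={c.httponly}")
    print("sent over http :", cookies_sent_over("http", parsed))
    print("sent over https:", cookies_sent_over("https", parsed))
    print("session cookies readable on the wire:",
          exposed_session_cookies(SAMPLE_HEADERS, SESSION_COOKIE_NAMES))
```

On the sample input, SID is reported as exposed: it is a session cookie with no Secure attribute, so a single http:// request (for example a link in a message, or a bookmark typed without https) sends it in the clear. From the site operator’s side the fix is the same one the “Always use https” setting enforces on the client: serve the session only over HTTPS and set Secure on the session cookie so it is never sent over http at all.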

I’m not sure why GMail is not making a bigger deal about this, but regardless, you need to update this setting immediately to protect your account.

A side note: If your GMail password is a number combination, a dictionary word, or some other weak password, an automated bot is currently compromising such accounts and using the vacation responder to send spam. See my previous post. Be sure to change it to something with both capital and lowercase letters, numbers, and preferably a symbol or two as well.

