The GMail Hack, OR I do not know if this is true, but it never hurts to be cautious, heh?

[thebitterguy]

I'll suppose that absinthe_dot_ca or kallisti might know more about this than I, but it seems interesting. Apparently, a hacking tool exists that will allow access to Gmail accounts.

This glitch can apparently be avoided by following these steps:

Simply log into GMail, and click on the Settings link over in the top right corner. At the bottom of this screen is a section labeled 'Browser Connection', which by default is set to 'Don't always use https'. Change this to 'Always use https', then click the "Save changes" button directly below. That 'should' keep you safe from people using this fascinating new toy."

Hey, I dunno if this is legit or horseshit, but I figure it's hard to be too cautious. Unless you're the DHS, in which case chilling the fuck out might be a good idea.

Comments

[jeffreyab.livejournal.com]

I have it from a reliable source that it is indeed legit.

[absinthe-dot-ca.livejournal.com]

I don't know about this particular exploit (and I'm too lazy to look right now), but HTTPS is basically encrypted HTTP (web traffic). If you're NOT using it, then anyone listening in to your web traffic can see everything - including session identifiers, passwords, etc. Not sure why that wouldn't be the default...

Actually, I do know why, but nobody wants to hear me rant for 30 minutes about how the average programmer these days could be replaced by a semi-trained monkey, with no apparent change in quality or quantity of code.

[momentrabbit.livejournal.com]

Dunno about the 'hacking tool', but any packet sniffer can effectively read unencrypted webmail, so enabling secure http is a good idea.

A lot of mail providers offer that, actually, but they don't always advertise it. Telus is like that.

[deven-science.livejournal.com]

Thanks for the head's up, I changed my settings.