Members Area
Countdown to Christmas --
Visit My Merry Christmas on Facebook!   Visit My Merry Christmas on Twitter!   Get My Merry Christmas on RSS
Navigation » Merry Forums of My Merry Christmas > Christmas Today > Chit Chat » Gmail Users; Protect your account!

Chit Chat Link Christmas Presented by Link Christmas, the World's Largest Directory of Christmas Links, this merry area of the forums is where we gather to say hello and to share Christmas year round through a large variety of topics. All are welcome!


  Log-in
  Register



















» Stats
Members: 9,976
Threads: 53,449
Posts: 601,753
Top Poster: xmas365 (150,178)
Welcome to our newest member, Johnmak
» Recent Comments
Hot Cocoa or Hot Chocolate: A Matter of Taste
It's hard to find good writing now a days. But you have done a great job with all these sharing hot Cocoa and hot Chocolate. That's interesting. Thanks for sharing.
The Best of Christmas Sitcoms
My top favorite Christmas Sitcoms: All from M*A*S*H , Happy Days, Laverne and Shirley. Step By Step - I'll Be Home For Christmas
His Name is Bud
love this story! Thanks for sharing your memories.
The Best of Christmas Sitcoms
Here are my top 10: (in no particular order) All 3 M*A*S*H Christmas episodes they made: Dear Dad Dear Sis Death Takes a Holiday The Bob Newhart Show: His Busiest Time I'm Dreaming of a...
Tips for Buying a Fresh Tree
I will do that fresh cut of the trunk.....that was my problem last Christmas.....the tree lost so many needles....even tho it was fresh....the problem was....since I didn´t cut the trunk....the tree...
» Random Entries
Others: The History of...
By MMC Editor
05-30-2002 03:23 PM
64,804 Views  0 Posts
“Happy Christmas Time”...
By MerryCarey
05-15-2012 02:56 PM
28,418 Views  0 Posts
Bells Christmas Where Less is...
By MMC Editor
10-01-2013 06:24 AM
Last post by caninemomssister
11-12-2013 07:51 PM
9,630 Views  1 Posts
Mrs. Christmas
By MMC Editor
05-31-2002 08:55 PM
Last post by sammylar1304
08-17-2011 02:31 PM
47,902 Views  1 Posts
Christmas Poems from...
By MerryCarey
05-15-2012 03:09 PM
43,482 Views  0 Posts
Reply
 
Thread Tools Display Modes
  #1  
Old 08-28-2008, 08:53 PM
Courtney's Avatar
Courtney Courtney is offline
Emerging from the Cave
Last Achievements
 
Join Date: Jul 2008
Posts: 3,949
Thanks: 1,001
Thanked 1,071 Times in 657 Posts
Courtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happyCourtney makes Santa very happy
Gmail Users; Protect your account!

I received this warning and thought I would pass it on...

Link to story

Why You Should Turn Gmail’s SSL Feature On Now
By Scott Loganbill August 19, 2008 Categories: Software & Tools, Web Basics


Let’s talk security and why you should take advantage of Gmail’s recent SSL feature, and why you might want to be careful using other non-SSL webmail services.

But first, make sure your connection is secured using SSL.

How do you know a connection is secured by SSL? The handy “s” after “http” will tell you. For example, https://mail.google.com is encrypted while http://mail.google.com is not. You can force an encryption by adding the “s” yourself, or by turning on “Always use https” from the Browser Connection settings of your Gmail account.

Why? Because without it, anyone can easily hack someone’s account and in two weeks it is going to get even easier. Mike Perry, a reverse engineer from San Francisco, announced his intention to release his Gmail Account Hacking Tool to the public. According to a quote at Hacking Truths, Perry mentioned he was unimpressed with how Google presented the SSL feature as less-than-urgent. It is urgent, and here’s why.

Before Gmail released the ability to automatically encrypt your Gmail connections, your browser/server interactions went something like this:

Your Browser: Hey there Gmail, I want in. Here’s my encrypted login.
Gmail Servers: Hey there, browser. I see your encrypted login fits what I have here. If you want to keep talking to me, I will need to see proof of your login, but don’t bother encrypting it for me. Here is your unencrypted email.
Your Browser: Great. I want to read this particular email, my Gmail login is: webmonkey@wired.com and my password is: monkeylove. My name is John Hanks Doe and my social security number is 123-45-6789.
Gmail Servers: Sure, here you go. I see you are leaving for vacation with the house unlocked this weekend. Say, is this your credit card information?
Guy packet sniffing your wi-fi from Starbucks: Cool!

It’s a little more complex than that (and a little less goofy and dramatic), but the theory is sound. Using encryption at login only is the equivalent of setting up a toll booth in the desert.

Here’s the exploit: All it takes to steal someone’s Gmail login account is to intercept any transaction since every single one, even images, pass a cookie which contains the session information.

Spoof the session, and you get free reign to the account — including the ability to change your password. Every non-SSL session is in plain text. With a little determination, any bored, disaffected youth could read your email and change your password within a day. Is it really that easy? Here’s a useful tutorial we found via Google search. When the Gmail Account Hacking Tool is eventually released, it couldn’t be any easier.

With SSL, however, the interaction looks something like this:

Your Browser: xz6RV-BRJViqzNJROECslw
Gmail Servers: jx3iC96D3kuZ_IWNrK461w
Your Browser: PxIryG_P3_3_vRENZdWxMQ

The real thing would be even longer in length, and perfectly unreadable. SSL requires a key generated on your end and on the Gmail server’s end. There’s no way for the local guy at Starbucks to get those keys and unencrypt the data by packet sniffing.

Makes you feel a little vulnerable knowing all your public information was so nakedly exposed over the past few years, huh? Did Google know about this?

It turns out they were well aware of it. The reason Google didn’t grant users the SSL feature before, according to Perry, was because SSL is expensive. It takes a lot of bandwidth and time on both the receiver and transmitter sides to generate keys and encrypt data. Slower data connections would experience a lagging Gmail experience.

Packet sniffing for session information is not a new thing, and is bound to get even more familiar due to how easy it is. Keep in mind, it is not just Gmail which passes account information outside of SSL encrypted connections. There are many sites around the internet that are still vulnerable to this exploit. Protecting your wifi connection with WEP isn’t foolproof either. Your best bet is to use SSL whenever you are transferring information valuable to you, and to avoid sites that don’t use it at all.[/quote]


To fix it, sign into your gmail account, go to settings, scroll to the bottom and change the option to "always use https"
__________________

Reply With Quote
The Following User Says Thank You to Courtney For This Useful Post:
HolidayHoney (08-29-2008)
  #2  
Old 08-29-2008, 02:53 AM
whychristmas's Avatar
whychristmas whychristmas is offline
Webmaster Partner, Why Christmas?

Last Achievements
 
Join Date: Oct 2004
Location: Somerset, UK
Posts: 2,785
Thanks: 107
Thanked 888 Times in 560 Posts
whychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoewhychristmas would be nice to meet under the mistletoe
Good stuff! I've been using ssl on gmail for a while. If you're a Firefox user, there's a this great addon: https://addons.mozilla.org/en-US/firefox/addon/1320 in its prefs there's a 'secure connection' box you can tick so it uses https:// for you.
Reply With Quote
The Following User Says Thank You to whychristmas For This Useful Post:
Courtney (08-29-2008)
Reply

Bookmarks






Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Year Round Christmas Radio -- Listen now!

Listen to Kringle Radio via...

Winamp
Windows Media


Click to listen now!


Listen to the Merry Podcast NOW

Christmas Fans -- Ranking the Best of Christmas









2012 Founder's Award