User login

Is Your Gmail Safe?

For those of you that use Gmail, you definitely want to check this out. Up until a week ago, Gmail only used SSL encryption for login authentication. Your username and password were fine, but everything else after that was not.

Google has now given users the option to use SSL for the entire session, from login to reading mail, sending mail, etc. I highly recommend that anyone using Gmail enables this option. Why? At Defcon last week, a tool was presented that easily gives the ability to get session information from Gmail cookies from an unencrypted session and allows an attacker to authenticate to your Gmail account with no password. Even if this tool didn't exist, you should still enable entire session SSL.

So if you use Gmail at all, be sure you enable the SSL options. Here is how:

1. Login to your Gmail account

2. Go to your account settings (Settings at the top of the page)

3. At the bottom under Browser Connection, select "Always use https":

How-to Enable Gmail SSL

Be sure to save changes. Once you are done, you can log out and then back into Gmail. Once you are back at your message list, you should see the https in the address bar at the top along with any other browser SSL indications.

For more information on this, you can go to the Hungry-Hackers.com site.