What’s the big deal?
A vulnerability in the way Gmail communicates with its server means that a third party sniffing on your network could steal your authentication cookie, allowing them to log into your Gmail account without a password.
This is possible because every time you log in to Gmail, a cookie (a text file) containing your session ID is sent to your browser. The Gmail website uses this file as a means of authentication: every time you access anything on Gmail, your browser sends the cookie to the Gmail server. Unless you have clicked the sign-out button, this cookie will remain valid for 2 weeks.
Is my Gmail account vulnerable?
If you are currently accessing Gmail via the URL http://www.gmail.com or http://mail.google.com, then you are at risk.
How to protect myself?
Enable SSL for your Gmail account. This encrypts the connection between your PC and the Gmail server, preventing any third party sniffing your network from being able to steal your Gmail cookie.
| Step 1 | Select “Settings” in Gmail |
| Step 2 | Select “General” in Gmail |
| Step 3 | Enable HTTPS |
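As an added illustration (not part of the original article and not Gmail's code), the Python example below models which cookies a browser attaches to a request depending on whether the URL is http:// or https://, and which of those stay valid for the two weeks mentioned above. The Set-Cookie headers, cookie names and values are constructed, the Secure cookie attribute is an assumption the article does not discuss, and domain and path matching are ignored.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

TWO_WEEKS = 14 * 24 * 3600  # session lifetime stated in the article, in seconds

# Constructed Set-Cookie headers (NOT captured from Gmail); names/values are made up.
SAMPLE_SET_COOKIE = [
    "SESSIONID=constructed-1; Path=/; Max-Age=1209600",
    "SESSIONID_S=constructed-2; Path=/; Max-Age=1209600; Secure; HttpOnly",
    "PREFS=constructed-3; Path=/; Max-Age=3600",
]

def parse_cookies(headers):
    """Turn Set-Cookie header values into a simple cookie jar (list of dicts)."""
    jar = []
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            age = morsel["max-age"]
            jar.append({
                "name": name,
                "secure": bool(morsel["secure"]),  # True only if the Secure flag was set
                "max_age": int(age) if age else None,
            })
    return jar

def sent_in_cleartext(jar, url):
    """Names of cookies attached to a request for `url` without encryption.

    Assumes every cookie matches the URL's domain and path."""
    if urlsplit(url).scheme.lower() != "http":
        return []  # https://: cookies travel inside the encrypted tunnel
    # http://: the browser withholds Secure cookies and sends all the others
    return [c["name"] for c in jar if not c["secure"]]

def long_lived_exposed(jar, url, threshold=TWO_WEEKS):
    """Cleartext cookies that stay valid for at least `threshold` seconds."""
    exposed = set(sent_in_cleartext(jar, url))
    return [c["name"] for c in jar
            if c["name"] in exposed and (c["max_age"] or 0) >= threshold]

if __name__ == "__main__":
    jar = parse_cookies(SAMPLE_SET_COOKIE)
    for url in ("http://mail.google.com/", "https://mail.google.com/"):
        print(url, "cleartext:", sent_in_cleartext(jar, url),
              "long-lived:", long_lived_exposed(jar, url))
```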
Glossary
| HTTP:// | Accessing a website via the HTTP protocol (not secured). |
| HTTPS:// | Accessing a website via the Secured HTTP protocol (SSL is used to provide an encrypted tunnel from point A to B). |
| SSL | Secure Sockets Layer, a protocol for providing an encrypted tunnel from point A to B, preventing a third party from understanding the content of the communication. |

