Protect Your Gmail Account From Hackers

At the recent Black Hat security convention, Robert Graham, the CEO of Errata Security, demonstrated on camera how he hijacked a Gmail session and read the victim’s emails. He sniffed the Wi-Fi network for cookies and copied them into his notebook using his self-made tool, Hamster. The hack doesn’t need the victim’s username or password to work. It only requires an IP address.

This hack has been reported to work on almost any cookie-based web application. Therefore, other web-based email services such as Yahoo Mail and Hotmail are vulnerable as well.

The good news is that this hack can be easily prevented with the use of SSL or any other type of encryption. However, it is reported that Internet users seldom use these forms of security measures when accessing their emails, thus putting themselves at risk.

For example, accessing Gmail from http://mail.google.com will lead you to an SSL page where you enter your username and password. However, you will then be redirected to a non-SSL page to access your emails, which puts you in a vulnerable situation.

Accessing Gmail without using SSL

On the other hand, accessing Gmail from https://mail.google.com (doesn’t work for me, that’s why I’m using https://mail.google.com/mail?tab=wm instead) forces Gmail to redirect you to an SSL page after login.

Accessing Gmail using SSL

There are some photos of the hacking demonstration available. Remember to always use an SSL page (https) whenever there is such an option. Protect yourself online.
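The two login flows described above (SSL login followed by a non-SSL mailbox, versus SSL throughout), as an added example that is not part of the original post: it replays a recorded redirect chain and reports which cookies would cross the network unencrypted, where a sniffer on the same Wi-Fi could copy them. The host `mail.example.test`, the cookie name `SESSION` and both flows are constructed assumptions, and cookie matching is simplified to exact host only.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed flows: (request URL, Set-Cookie headers returned by that request).
# Host, cookie name and value are made up for illustration.
LOGIN_THEN_HTTP = [
    ("https://mail.example.test/login", ["SESSION=abc123; Path=/; HttpOnly"]),
    ("http://mail.example.test/inbox", []),   # redirected to a non-SSL page
]
LOGIN_THEN_HTTPS = [
    ("https://mail.example.test/login", ["SESSION=abc123; Path=/; Secure"]),
    ("https://mail.example.test/inbox", []),  # stays on SSL after login
]

def exposed_cookies(flow):
    """Return sorted (cookie name, URL) pairs where a cookie crosses the
    network unencrypted. Simplified model: exact-host match, no Path/Domain."""
    jar = {}          # cookie name -> (host that set it, Secure flag)
    findings = set()
    for url, set_cookie_headers in flow:
        parts = urlsplit(url)
        plain = parts.scheme == "http"
        # Cookies already stored are attached to this request, unless
        # they are marked Secure and the request is plain HTTP.
        for name, (host, secure) in jar.items():
            if plain and host == parts.hostname and not secure:
                findings.add((name, url))
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                jar[name] = (parts.hostname, bool(morsel["secure"]))
                if plain:  # a cookie set in a plain HTTP response is visible too
                    findings.add((name, url))
    return sorted(findings)

if __name__ == "__main__":
    for label, flow in (("http inbox", LOGIN_THEN_HTTP),
                        ("https inbox", LOGIN_THEN_HTTPS)):
        print(label, exposed_cookies(flow))
```

The first flow reports the session cookie on the `http://` inbox request; the second reports nothing, because every request stays on SSL.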

6 Responses to “Protect Your Gmail Account From Hackers”


    1. Azmeen

      If you’re using Firefox, you can automatically switch over to https for GMail and Google Reader, as well as perform lots of other Google customisations; you might want to install the Customize Google extension.

    2. mooiness

      I tried your method which is to hit the HTTPS version of the main page but it still goes back to non-HTTPS after I’ve logged in. I tried out the extension that Azmeen recommended and it works a treat. :)

    3. Hasbullah Pit

      I didn’t notice, though, whether he was using http or https when logging in.

    4. TenthOfMarch

      @Azmeen
      Thanks for the info, Azmeen! :-)

      @mooiness
      Hmmm…that is strange. I tried it on FF and IE. They both worked for me (as shown in the screenshot above).

      @Hasbullah Pit
      I think he was using http when he was hacked. If he had been using https, the chance of him being hacked would be very slim.

    5. rrr

      Dear Sir,
      Regularly someone opens my Gmail account. How do I protect my account, and how can I find who is the culprit?

    6. TenthOfMarch

      @rrr
      Wow, this is beyond my knowledge. You should first change your password to something more complex. Mix letters and numbers in it. And change all your “security questions”. Log in to Gmail using https://mail.google.com. That’s all I can help with. I have no idea how you can detect the person entering your account though. All the best.
