Google Groups Home
Help | Sign in
Gmail Help Discussion
Home
About this group
Join this group
Help Discussions > Reading Messages > Fact or Fiction? Gmail Account Hacking Tool
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   2 messages - Collapse all
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
scottDA  
View profile
  More options Aug 20, 12:29 am
From: scottDA
Date: Tue, 19 Aug 2008 12:29:02 -0700 (PDT)
Local: Wed, Aug 20 2008 12:29 am
Subject: Fact or Fiction? Gmail Account Hacking Tool
Forward | Print | Individual message | Report this message | Find messages by this author

    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
JoshuaDPS  
View profile
  More options Aug 20, 12:52 am
From: JoshuaDPS
Date: Tue, 19 Aug 2008 12:52:07 -0700 (PDT)
Local: Wed, Aug 20 2008 12:52 am
Subject: Re: Fact or Fiction? Gmail Account Hacking Tool
Forward | Print | Individual message | Report this message | Find messages by this author

On Aug 19, 3:29 pm, scottDA wrote:

Sure. I think it is a little bizarre to describe this as some kind of
amazing discovery. Anyone familiar with web application security knows
that unencrypted sessions can be stolen.

Two things make this less-than-hugely dangerous:

1. The attacker needs to be on the physical network between you and
google. A random hacker in Russia can't do this.
2. They can only control your account for as long as the session
cookie is valid. If you log out or if the session expires, they lose
all access. And they won't be able to steal your password to get
permanent access.

Of course, temporary access is enough for them to do substantial
damage. So you really should use the always-secure feature. But most
people accessing gmail should be much more worried about spyware and
phishing emails than about man-in-the-middle attacks.


    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2008 Google