Tuesday, June 3, 2008

Is it possible to hack into a Gmail address? - Really scary

Who doesn't have a Gmail ID nowadays? In my honest opinion, I am yet to discover a more user-friendly webmail host. Gmail is non-intrusive and provides all the advanced and usable features such as POP3, mail search and much more.

But recently at a Black Hat security convention, Robert Graham, the CEO of Errata Security, surprised attendees by hijacking a Gmail session on camera and reading the victim's email. He went even further, demonstrating the attack by taking over another journalist's Gmail account and then sending emails from that account. Really scary.

So how do you protect yourself from somebody sniffing your email while it is in transit and then hacking into your Gmail account? There is one way to make sniffing your mail much harder: send and receive mail using Gmail's SSL feature. SSL stands for Secure Sockets Layer and is used to provide secure data transfer across the web; for instance, e-commerce sites use SSL to transmit your credit card details. Google provides the SSL feature for Gmail, and all it takes to enable it is typing the address https://mail.google.com instead of http://mail.google.com. Note the 's' in 'https'. Instead of encrypting only the username and password, Gmail then encrypts the whole mail session, which makes it possible to transfer your mail in a secure manner.

So the next time you decide to log on to your Gmail account, use https instead of http and you will be fairly safe from getting your mail sniffed in transit.
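To see why encrypting only the login is not enough, the added example below (not from the original post) audits a constructed session: it lists which cookies a browser would send in cleartext on each plain-http request. It assumes the session is carried by a cookie, and the host `mail.example.test`, the cookie names and the values are all made up; domain and path matching are ignored for brevity.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data (hypothetical names and values): Set-Cookie headers
# returned at login, and the URLs the browser requests during the session.
SET_COOKIE_HEADERS = [
    "SESSION_A=abc123; Path=/; Secure; HttpOnly",
    "SESSION_B=def456; Path=/",
]
SESSION_URLS = [
    "https://mail.example.test/login",
    "http://mail.example.test/inbox",
    "https://mail.example.test/compose",
]


def parse_cookies(headers):
    """Return {cookie name: True if it carries the Secure attribute}."""
    flags = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            flags[name] = bool(morsel["secure"])
    return flags


def exposed_cookies(headers, urls):
    """Map each plaintext (http://) URL to the cookies sent along with it."""
    flags = parse_cookies(headers)
    exposure = {}
    for url in urls:
        if urlsplit(url).scheme.lower() == "http":
            # A browser withholds Secure cookies on http; every other cookie
            # travels unencrypted and is readable by anyone on the network path.
            exposure[url] = sorted(n for n, secure in flags.items() if not secure)
    return exposure


if __name__ == "__main__":
    for url, names in exposed_cookies(SET_COOKIE_HEADERS, SESSION_URLS).items():
        print(f"{url}: cleartext cookies -> {', '.join(names) or 'none'}")
```

Even though the login request in the sample is https, the single http request to the inbox is enough to expose the cookie that lacks `Secure`; with every URL on https the result is empty.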
