Posted: 01st Feb, 2008 By: MarkJ
People using one of Google's popular free email (Gmail) accounts could be leaving themselves open to attack on wireless networks (Wi-Fi). Google uses its web servers' secure SSL (HTTPS://) connection to protect subscribers, yet the system can revert to sending information in unencrypted form if the SSL connection fails.
Security researcher Rob Graham has now revealed that it is possible to disable Gmail's SSL protection by sending a reset packet to either the victim's PC or Google's own server, thus forcing the session into unencrypted mode.
Further details can be found here and it is understood that Google are now investigating the problem. Ironically, Google is still credited with being more secure than many of its rivals, such as Yahoo.