Home » ISPreview UK News Archives »
Google E-Mail (GMail) Accounts Open to Attack
By: MarkJ - 01 February, 2008 (1:49 PM)

People using one of Google's popular free email (Gmail) accounts could be leaving themselves open to attack on wireless networks (Wi-Fi). Google uses its web servers secure SSL (HTTPS://) connection to protect subscribers, yet the system can revert to sending information in unencrypted form if the SSL fails.

Security researcher Rob Graham has now revealed that it is possible to disable Gmail's SSL protection by sending a reset packet to either the victim's PC or Google's own server, thus forcing the session into unencrypted mode.

Further details can be found here and it is understood that Google are now investigating the problem. Ironically Google is still credited with being more secure than many of its rivals, such as Yahoo.

History - [News Archives]


Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Website Rules).