A few weeks ago, Google introduced a new feature that allows you to set your Gmail account to always use SSL, not just when you’re logging in.
Like most folks, I didn’t think much of it. However, a new vulnerability has been discovered that can hijack your account if you’re not using full-time SSL.
While this situation is making Gmail look bad, Google is really looking pretty good. This specific hack is Gmail-only, but a similar hack could be built for Yahoo mail, Hotmail, etc. The big difference is that Gmail offers full-time SSL, while the others don’t.
To turn this feature on in Gmail, simply go to [settings], then choose “Always use https” at the bottom of the page (be sure to [Save Changes]). It’s quite simple.
The tool to execute this hack will be released in two weeks, though others may be working on it already. I’d suggest you make that small change to your Gmail settings right now.
Leave a Reply