A few weeks ago, Google introduced a new feature that allows you to set your Gmail account to always use SSL, not just when you’re logging in.
Like most folks, I didn’t think much of it. However, a new vulnerability has been discovered that can hijack your account if you’re not using full-time SSL.
While this situation is making Gmail look bad, Google is really looking pretty good. This specific hack is Gmail-only, but a similar hack could be built for Yahoo mail, Hotmail, etc. The big difference is that Gmail offers full-time SSL, while the others don’t.
To turn this feature on in Gmail, simply go to [settings], then choose “Always use https” at the bottom of the page (be sure to [Save Changes]). It’s quite simple.
The tool to execute this hack will be released in two weeks
, though others may be working on it already. I’d suggest you make that small change to your Gmail settings right now.
