“A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.”
How to:
- Log into GMail
- Click on Settings
- Scroll down to the bottom and check the “Always use https” radio button
- Log out
Next time you log in you’ll be using an encrypted web connection for the whole session, not just to log in.
