English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

WiFi Could Expose Gmail to Hacking

People who use WiFi connection to access Gmail accounts on Google Inc. or accounts in the Facebook social networking site could potentially fall victim to hacking, according to Errata Security Inc., a company providing computer security.

Robert Graham representing Errata Security showed how to hack a Gmail account while demonstrating at the Black Hat Conference at Las Vegas. Till then, people thought Gmail and other similar sites were safe since they encrypted entries when users logged in.

Graham used the Gmail account of an attendee at Black Hat who was reading his e-mail to show how to tap the validation cookie, join it to a web browser on the PC, and reach the attendee's account.

Most websites have encryption service for passwords when they are typed in, but because the service is expensive, there is no further encryption like the information communicated between a browser and a site, the researchers wrote in a paper at the conference held in the first week of August 2007.

By using the same method, hackers could sneak into other mail accounts too. This is also possible for social networking sites such as MySpace. After seizing an account, the hacker usually modifies the password that would no longer let the legitimate user access his/her account.

The technique could also enable the hacker to read e-mail, post material on blogs, or perform other malicious operations. Meanwhile, the person under attack is taken to the Web page he/she wanted to visit. Errata called this 'sidejacking'.

A solution to this problem is not to connect to public WiFi unless the user employs a secure sockets layer or Virtual Private Networking (VPN) to access his/her account, Graham wrote in a study paper. PCWorld reported this on August 1, 2007.

If A sniffs B's Gmail connection and obtain all of B's cookies to join it to A's Gmail account, then A imbibes the identity of B that fundamentally breaks Web 2.0 processes, Graham explained. The Register reported this on August 2, 2007.

For protection, Graham suggested users to select Google options, which keep the Gmail encrypted automatically during the entire session.

» SPAMfighter News - 14-08-2007

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>