Topic: Want to secure your Gmail account?  (Read 1083 times)

0 Members and 1 Guest are viewing this topic.

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Want to secure your Gmail account?
« on: July 14, 2006, 08:20:49 pm »
So I was sitting at work this past week wondering if anyone could sniff my gmail sessions. Since I used gmail and talk (google's implementation of Jabber) on a daily basis, I wanted to be sure that no one was monitoring my personal emails or conversations. To this end I did some investigating with tcpdump on my Mac. (tcpdump is freeware available at tcpdump.org which prints out all of the packet information to and from your computer.

So I clicked on my bookmarked gmail link and was transported to my inbox, and noticed some very troubling things. There is no encrypting schema at all. Everything is plain text inside of very easily identifiable packets. Subject, To, From, Message body, you name it, all plain text in the packets. Clearly this is troubling from a security standpoint, as I send all my online receipts to my gmail address as well. I also noted that talk was not encrypted.

After doing some searching on the web, I found a bunch of greasemonkey scripts that would automatically encrypt the emails based on varied levels of encryption algorithms. But this was limited and required a third-party software, something I wasn't thrilled about.

After logging out and logging back into gmail, I noticed that the credentials are sent to an https://mail.google.com/..... Connection to be verified, but then are given back with the redirection to http://mail.google.com/mail for the inbox. After some thinking, I realized that it wasn't forcing the page back to http://mail.google.com it was just simply using the browser start addr as the place for the redirect.

In theory, if one starts at https://mail.google.com then the HTTP-SSL session will stay valid, and thus all the information encrypted. Sure enough, this is the case. 100% encrypted unidentifiable information, all by changing the start login page of gmail from http://mail.google.com to https://mail.google.com

Update your bookmarks and read your email securely!

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Want to secure your Gmail account?
« Reply #1 on: July 14, 2006, 10:34:39 pm »
Use Lycos.  ;)  Now with a 3GB storage limit for free accounts and lots of new features and options. Exceptional support and service.

Lycos Mail   :thumbsup:

And no creepy datamining "invitations" under the guise of a two year long beta...  :skeptic:

I don't know if Hotmail has fixed their attachments yet (everything, clean or not, was blocked as a virus for quite some time). They started blocking attachments right after they upped their storage to 250MB,  pretty bogus, I notice its back down to 25MB now... I gave up on them and never looked back.

Offline E_Look

  • Grand High Scribe
  • Captain
  • *
  • Posts: 6446
Re: Want to secure your Gmail account?
« Reply #2 on: July 14, 2006, 10:56:13 pm »
+1, Pun, for your sharp eye...