Sunday, August 5, 2007

Preventing Gmail cookie stealing

There has been a news of a vulnerability from the use of cookies by email sites like Gmail at Wi-Fi hotspots. Cookies can be stolen by using sniffing softwares and entire session can be hijacked to do malicious things on the target accounts. A simple method to stop such attacks is to use SSL for the entire session, not just for login that gmail does by default. A nice add-on from CustomizeGoogle can be used for making sessions use SSL. In addition, there are many other cool features we get on installing this add-on to Firefox browser. These features can be selected from Tools menu of Firefox and includes options such as making ads invisible in gmail and google search results. Also, links to search results from Yahoo and other popular search engines can be added for the same search string in Google search.

No comments: