Gmail Users Read
#1
Posted 20 August 2008 - 05:27 PM
steals your authentication data from unencrypted gmail sessions. Go
into your options and turn on "Always use https" to keep your google
account safe.
http://it.slashdot.o...433206&from=rss
excerpt:
A tool that automatically steals IDs of non-encrypted sessions and
breaks into Google Mail accounts has been presented at the Defcon
hackers' conference in Las Vegas.
Last week Google introduced a new feature in Gmail that allows users
to permanently switch on SSL and use it for every action involving
Gmail, and not only, authentication. Users who did not turn it on now
have a serious reason to do so as Mike Perry, the reverse engineer
from San Francisco who developed the tool is planning to release it in
two weeks.
To change this go to the "Settings" page and go to the bottom and check the "Always use Http" option.
You were the fastest sperm.
#2
Posted 20 August 2008 - 05:30 PM
#3
Posted 20 August 2008 - 05:32 PM
No probably more like send out bad messages and use your account to spam people.GEEEZ thank you for sharing!!. I use gmail, wait so this tool will let people hack into your account and read your emails or something?
#4
Posted 20 August 2008 - 06:09 PM
No probably more like send out bad messages and use your account to spam people.GEEEZ thank you for sharing!!. I use gmail, wait so this tool will let people hack into your account and read your emails or something?
That and steal personal information such as an address some one emailed you.
#5
Posted 20 August 2008 - 06:31 PM
#6
Posted 20 August 2008 - 10:16 PM
#7
Posted 21 August 2008 - 03:45 AM
#8
Posted 21 August 2008 - 06:54 AM
Thanks for the heads up. It's very much appreciated.
#9
Posted 21 August 2008 - 10:33 AM
Talio.
#10
Posted 21 August 2008 - 11:12 AM
The whole point of and encrypted or "secure" server is to provide basic security for people who don't want an open area connection to be eavesdropped on (port listening). They can be cracked, hacked and broken down by people who know what they are doing. Its just to provide temporary security for temporary connections to their secure network or server. I personally encrypt all files in and out of my computer to prevent a third party from snagging information.
Blacksunshine: It does put you into HTTPS mode only until you enter your inbox. If you didn't turn it off you get a message asking if you would like to show all insecure items on the page (adverts,scams,spam pics.)
#11
Posted 21 August 2008 - 01:11 PM
Blacksunshine: It does put you into HTTPS mode only until you enter your inbox. If you didn't turn it off you get a message asking if you would like to show all insecure items on the page (adverts,scams,spam pics.)
Just logged in and noticed that.
And changed settings so that it always uses HTTPS.
#12
Posted 21 August 2008 - 02:01 PM
It can be found here: https://addons.mozil...efox/addon/8434
Check it out. It makes gmail and google calendar look much cooler. Just thought I'd mention it here. Also, change your https setting like CPGunner pointed out.
#13
Posted 21 August 2008 - 04:09 PM
OMC- I like the addon, thanks!
#14
Posted 21 August 2008 - 04:37 PM
#15
Posted 21 August 2008 - 04:52 PM
OMC, awesome addon. The theme is very similar to my firefox skin, and my IM client's skin. Everything is nice and unified.
More google related thread hijacking:
Anyone else use digsby? It's a cool IM client that can do a lot of stuff. It combines all of your IM services, and can alert you if you get emails or messages on a social networking site. I use it and like it a lot. It keeps me from compulsively checking my gmail accounts and facebook.
It has a couple downsides though, no AIM chatroom support (yet at least) and doesn't work with just any email address. So far they support Gmail, AOL, IMAP, and POP accounts. I can't make it check my campus email (which opens in a web version of outlook), but I'm no email expert.
Just thought I'd share.
#16
Posted 21 August 2008 - 09:12 PM
There is a tool being released by a reverse engineer in two weeks that
steals your authentication data from unencrypted gmail sessions. Go
into your options and turn on "Always use https" to keep your google
account safe. To change this go to the "Settings" page and go to the bottom and check the "Always use Http" option.
Thanks for the heads up.
Not to highjack the thread, but has anyone else who uses Google for everything and Firefox for browsing seen the Google Redesign add-on for Firefox?
When I saw that I was reminded of Blackle. I figured they put it out, but I don't see any tie to them.
Anyone else use digsby? It's a cool IM client that can do a lot of stuff. It combines all of your IM services, and can alert you if you get emails or messages on a social networking site. I use it and like it a lot. It keeps me from compulsively checking my gmail accounts and facebook.
Aside from social networking messages and emails, I think Trillian Astra will be eons ahead of digsby once it's finally released. Plus, I've tried to install digsby on four machines and it was only successful on one of them.
#17
Posted 21 August 2008 - 10:45 PM
#18
Posted 31 August 2008 - 03:17 PM
Even though I don't use Google for everything, just search and Gmail, it's not gonna bother me if I turn on https for Gmail. Might as well.
Thanks for posting this!
DOOMSAYER.EXE
FATAL_EXCEPTION_ERROR_CAUSED_BY_A_SHOT_AT_POINT_BLANK_RANGE
If this is the first time you've seen this Stop Error screen, count to 15 and respawn. If this screen appears again, you're dead. Get out of the field.
#19
Posted 31 August 2008 - 07:38 PM
#20
Posted 31 August 2008 - 10:13 PM
There is a tool being released by a reverse engineer in two weeks that
steals your authentication data from unencrypted gmail sessions. Go
into your options and turn on "Always use https" to keep your google
account safe.
http://it.slashdot.o...433206&from=rss
excerpt:
A tool that automatically steals IDs of non-encrypted sessions and
breaks into Google Mail accounts has been presented at the Defcon
hackers' conference in Las Vegas.
Last week Google introduced a new feature in Gmail that allows users
to permanently switch on SSL and use it for every action involving
Gmail, and not only, authentication. Users who did not turn it on now
have a serious reason to do so as Mike Perry, the reverse engineer
from San Francisco who developed the tool is planning to release it in
two weeks.
To change this go to the "Settings" page and go to the bottom and check the "Always use Http" option.
Am I missing something? This guy created a tool that hackers can use to hack into peoples e-mail, steal personal information, and possibly even use it for identity theft. We know his name and where he lives, and he's not being arrested/sued/etc? Is there really no law that can stop people like him?
I'm definitely no expert on the legal system, but I just think it seems strange that hackers can get away with this shit.
Thanks for the heads-up.
Probably dead by now, or something.
#21
Posted 31 August 2008 - 11:02 PM
Edited by Aimless, 31 August 2008 - 11:03 PM.
#22
Posted 01 September 2008 - 12:28 PM
#23
Posted 01 September 2008 - 04:20 PM
Are you a retard? Hacking is in no means illegal. Until you steal information, you are on legal turf. People even get paid to hack into networks, for security measures. I'm now going to refer you to HackaDay.com and have your search for Defcon. Also, check out Hackthissite.org. Very fun little site.Am I missing something? This guy created a tool that hackers can use to hack into peoples e-mail, steal personal information, and possibly even use it for identity theft. We know his name and where he lives, and he's not being arrested/sued/etc? Is there really no law that can stop people like him?
I'm definitely no expert on the legal system, but I just think it seems strange that hackers can get away with this shit.
Thanks for the heads-up.
Also, the creator is not the one to arrest. The skiddies are.
Edited by boisie, 01 September 2008 - 04:22 PM.
#24
Posted 01 September 2008 - 06:46 PM
Hacking is in no means illegal. Until you steal information, you are on legal turf. People even get paid to hack into networks, for security measures. I'm now going to refer you to HackaDay.com and have your search for Defcon. Also, check out Hackthissite.org. Very fun little site.
Am I missing something? This guy created a tool that hackers can use to hack into peoples e-mail, steal personal information, and possibly even use it for identity theft. We know his name and where he lives, and he's not being arrested/sued/etc? Is there really no law that can stop people like him?
I'm definitely no expert on the legal system, but I just think it seems strange that hackers can get away with this shit.
Thanks for the heads-up.
Also, the creator is not the one to arrest. The skiddies are.
He's created something specifically for the purpose of stealing information. I know he can't really be arrested or anything, but I still think it's bullshit.
I never said hacking was illegal. I said hacking specifically for the purpose of allowing others to steal information should be illegal.
Probably dead by now, or something.
#25
Posted 01 September 2008 - 08:54 PM
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users