[LINK] don't use webmail in public

Kim Holburn kim at holburn.net
Fri Feb 1 20:49:33 EST 2008


It would seem to be a bad idea to use webmail in public internet  
places like wifi hotspots etc. because your system and browser leak  
cookie data.


http://blog.wired.com/27bstroke6/2008/01/ssl-gmail-not-a.html
<http://tinyurl.com/yroz32>

> SSL Gmail Not As Safe As You Thought
> By Kim Zetter EmailJanuary 31, 2008 | 9:58:01 PMCategories: Hacks  
> and Cracks
>
> Google_logoOne of the big stories at DefCon last year was a  
> security researcher's demonstration of wirelessly sniffing users'  
> session cookies while they accessed their e-mail accounts or  
> conducted e-commerce transactions via wireless networks. The attack  
> allowed a hacker access to the victim's Gmail or Hotmail account  
> without needing to decipher the user's password.
>
> Now the security researcher who presented that info has found that  
> even using SSL HTTPS to access your Gmail account -- which was  
> touted at the time as a surefire way to protect Gmail users against  
> such an attack -- is vulnerable to this hack.
>
> Robert Graham of Errata Security says he's been able to grab  
> session cookies even when users access their account in a  
> presumably secure manner. He describes the vulnerability

http://erratasec.blogspot.com/2008/01/more-sidejacking.html
<http://tinyurl.com/25zwc6>


--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961





More information about the Link mailing list