WidgetBucks - Trend Watch - WidgetBucks.com

Archive for February, 2008

Google Mail vulnerable to sidejacking, even though it has SSL

Sunday, February 3rd, 2008

According to security researcher and CEO of Errata Security Robert Graham:

Google’s JavaScript code makes HTTP requests in the background via an XMLHttpRequest. By default, these requests are SSL-encrypted—but if SSL fails, they change to nonencrypted mode. When a user attempts to connect to a WiFi hotspot, Google Mail attempts to connect with SSL both enabled and disabled. Even if the attempt fails, session-ID cookies are still transmitted to the router, and can therefore be captured by anyone sitting nearby with an appropriately configured software suite.

Full coverage

Posted in news | No Comments »

About Me

This site is a tribute to all fans of the golden age of heavy metal and hard rock, the 60s to the 80s. More

Want to subscribe?

 Subscribe in a reader Or, subscribe via email:
Enter your email address: 
Find entries :