The cyberwebtubes are full of surprises, many of which are essentially invisible to us normal folk. In a couple of weeks, a tool is being released that automates the process of stealing access to a person’s Gmail account. The key here, though, is that the victim has to be using Gmail unencrypted.
The solution is to enable SSL (Secure Sockets Layer), and Google has provided you with an option to do this.
To do so, first log in to your Gmail account. In the upper right-hand corner you will find a “Settings” link. Click on it.

This will take you to a page with a bunch of settings. Scroll all the way down to the bottom.

See that radio button that says “Always use https”? Click on it! Then click on the “Save Changes” button.
You will have to log back in to your Gmail account. Once you do, all traffic between your computer and Google will be encrypted. Thankfully, this shouldn’t change the way Gmail works for you unless you are on an extremely slow network connection. Additionally, some corporate networks look for unknown encrypted data streams leaving their networks and stop them. However, if your IT staff are good enough to be doing this, then they are probably smart enough to appreciate that you are smart enough to use your webmail encrypted.
Yah, changed mine the day after the Defcon talk, lol. Though I think it killed my Gmail Notifier. :’(
Thank you very much, explaining the way to activate the SSL option in Gmail was very useful!