Protegendo seu gmail e google reader contra snifers

Circula na blogsfera um artigo sobre como hackear contas do gmail yahoo hotmail etc através da captura de cookies, mas dentre os serviços citados apenas o gmail permite que após o login você use SSL digitando um "s" no endereço, ou seja, onde tem http://www.gmail.com, você digita https://www.gmail.com.

"Gmail uses https to protect your username and password sent through the cyberspace, but switch to http mode after the authentication.
This way the sniffer cannot know your credentials.
However after the authentication gmail uses cookies to store the session key. This key is sent over in each request you make to gmail, and if sniffed then can be used to do the attack like mentioned in this article.
Using https over ALL traffic between gmail and your computer makes that impossible.

Using wifi (well-configured) for e-banking or e-mailing is not unsafer than using wired net! Your communication for example with gmail goes through a dozen of computers even when using wired network, so there's plenty of space where someone can sniff that..."

Nenhum comentário:

Postar um comentário

Insira seu comentário - O mesmo será submetido à aprovação!

linux-cookbook

Grupos do Google
Participe do grupo linux-cookbook
E-mail:
Visitar este grupo