Comments on: Cookies in Gmail, Hotmail, and Yahoo! Mail Pose Security Threat

By: crizyant

crizyant — Sun, 12 Aug 2007 03:33:44 +0000

hi who can show me how to attack by cookies??

i hope i can get demo video . sent me .

thank you .

e_mail:qwer1234981@yahoo.com.cn
songqwr123@aol.com

By: Anonymous

Anonymous — Sun, 05 Aug 2007 10:39:02 +0000

You should be thankful that Gmail offers the ssl version (Yahoo Mail and Hotmail don’t have something like that). The reason why Gmail doesn’t default to https is that it would consume a lot of resources on both ends and then you’d say Gmail is too slow.

By: Tinhed

Tinhed — Sun, 05 Aug 2007 07:57:40 +0000

Google must remove support for http and enforce only https. This way there is no chance of a security breach

By: Ryan

Ryan — Sun, 05 Aug 2007 04:36:18 +0000

@dkong: That’s what I normally do, too. It just takes a little extra effort to remember to add the https when you’re bookmarking a site.

@Lappy: That is a great extension, and it does many things that a Google user would love including forwarding to the https.

@lightman: Just make sure you don’t enable too many of those scripts…I noticed a huge slowdown when I did that.

@Alex: I thought the same thing, and it still boggles my mind why Google wouldn’t be enforcing the secure connections. I’m pretty sure that most browsers support it just fine (even mobile ones).

By: Alex Killby

Alex Killby — Sat, 04 Aug 2007 20:00:36 +0000

I honestly thought these sites were better than that. I mean if you’re a big name like Google, you’ve got people employed full-time just to work on security. How is it that ALL connections aren’t encrypted?

By: lightman

lightman — Sat, 04 Aug 2007 17:49:00 +0000

For Gmail you could also use the fabulous Firefox extension “Better Gmail” that combines several greasemonkey scripts:
[lifehacker.com]
It adds tons of functionalities, including encrypted connection (https).

By: Lappy

Lappy — Sat, 04 Aug 2007 08:37:54 +0000

For all you Firefox users, I strongly recommend the use of a fantastic extension called CustomizeGoogle ( [customizegoogle.com] ). It offers the option of using https:// instead of http:// on (possibly) all the Google sites that allow it, along with TONS of other useful options. If you’re a Firefox user and a Google fan, this extension is a must.

By: dkong

dkong — Sat, 04 Aug 2007 03:45:29 +0000

I’ve found the easiest way to “remember” to add the https is to just bookmark gmail and whatever other google apps you use (that support https- not all of them do) is to just bookmark each site with the htpps.