Wednesday, August 20, 2008

To all you Gmail Users ...

There is a new feature in gmail that you should all enable. It addresses a new vulnerability that was recently identified. It is really simple to do.


Login to gmail.


Click on "Settings" in the upper right.


Make sure the "General" tab has been selected (it should be by default).


Scroll down to the bottom to the "Browser Connection" section.


Select the "Always use https" option.


Save your changes.


Usually when you login to gmail, it will encrypt your password when you send it across. However, future transactions inside of gmail are done via cookies and may not use SSL (encryption). Enabling this feature forces all communication to be done over SSL.


This addresses a hack that will be released in ~2 weeks. You can read about it here if you are so inclined.

No comments: