Register Blogs Advertise with usHelp Desk Today's Posts Search

Rating: 4 votes, 3.50 average.

Your Gmail Account Can Be Hacked. Here’s How to Protect It…

Submit "Your Gmail Account Can Be Hacked. Here’s How to Protect It…" to Facebook
Posted 19th August 2008 at 10:51 PM by Asher

From Slashdot:

“A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the hacking tool, is planning to release it in two weeks.”

The solution is to set Permanent SSL in Gmail

1. Sign in to Gmail.
2. Click Settings at the top of any Gmail page.
3. Set ‘Browser Connection’ to ‘Always use https.’
4. Click Save Changes.
5. Reload Gmail.

Note: People with Gmail Notifier will need to download a patch. Details.

Mobile/Firefox Users: I will make the immediate assumption that enabling permanent SSL will break all mobile access/apps and Firefox plugins.

This is especially important for anyone using unsecured WiFi networks or anyone residing in buildings with unsecured networks. Although you may not know it, your wifi connection may jump on unsecured networks without your knowing.

You can protect yourself from account hijacking in the future by following these tips:

1. Don’t reply to, or click links within, emails that ask for personal, financial, or account information.

2. Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source.

3. Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser, cut and paste, or use bookmarks.

4. If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.

5. Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).

6. Use strong passwords. A strong password should be unique; include letters, numbers, and symbols; and be changed regularly.

7. If you ever need to change your account information, such as your billing details or your password, you should always sign in to your account from the main AdWords login page ( and

make the changes directly within your account. For more information on changing your username and password, read our Help Center article at
How do I change my Google Account email and/or password? - Google AdWords Help Center.

8. To protect your computer from malware, keep your computer’s antivirus, spyware, browser, and security patches up to date and regularly run system scans. If you need more information about software that can help detect and remove malware from your computer, please visit
Strange Behavior and Malicious Software : Strange pop-ups, toolbars, redirects, or results - Web Search Help Center.

Find more empowering entries like this at Asher's blog at
Posted in Articles
Views 12230 Comments 0
Total Comments 0



All times are GMT -6. The time now is 08:42 PM.