On Feb 4, 2008 9:00 PM, Micah DesJardins <
micahdj@gmail.com> wrote:
> If you use
>
> https://mail.google.com
>
> instead of http://mail.google.com it remains encrypted after you log in.
This is not necessarily true. There have been attacks in which Google
session ids can be compromised if for a time HTTPS is disrupted.
Google then attempts to utilize the non-https session and exposed the
id, which can then be used to log into the account without a user/pass
combo...
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss