Re: hey i found a new toy for iceweasel

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Kristian Erik Hermansen
Date:  
To: Main PLUG discussion list
Subject: Re: hey i found a new toy for iceweasel
On Feb 4, 2008 9:00 PM, Micah DesJardins <> wrote:
> If you use
>
> https://mail.google.com
>
> instead of http://mail.google.com it remains encrypted after you log in.


This is not necessarily true. There have been attacks in which Google
session ids can be compromised if for a time HTTPS is disrupted.
Google then attempts to utilize the non-https session and exposed the
id, which can then be used to log into the account without a user/pass
combo...
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss