hey i found a new toy for iceweasel
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Mon Feb 4 22:18:23 MST 2008
On Feb 4, 2008 9:00 PM, Micah DesJardins <micahdj at gmail.com> wrote:
> If you use
>
> https://mail.google.com
>
> instead of http://mail.google.com it remains encrypted after you log in.
This is not necessarily true. There have been attacks in which Google
session ids can be compromised if for a time HTTPS is disrupted.
Google then attempts to utilize the non-https session and exposed the
id, which can then be used to log into the account without a user/pass
combo...
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
More information about the PLUG-discuss
mailing list