Thursday, March 13, 2008

Secure Web mail Access

Ever used Gmail's large storage space to store personal data (or even as a file system)? The bad thing is, accessing a web mail site like Gmail is only secured during login. All other data transferred to your web browser, from viewing of mail, saving drafts, etc, can be easily hijacked especially in a public wifi hotspot. Even loading the first page with all the subject headers and first line of the message body can give a hijacker insight into your personal details. The solution is to use,

https://mail.google.com

to access gmail. After login, you will be redirected to your mailbox also under the https protocol. One possible mistake is to use,

http://mail.google.com

instead and thinking that since the login will be under https so will the mailbox. This is not true, the redirection to mailbox will be over the http instead of https. Before you know it, someone behind you will already have the first page of your mailbox on his screen.

Another interesting side-effect of using https is that if an in-house firewall has blocked http://mail.google.com, it might not be set to block https://mail.google.com, effectively allowing access to gmail.
Posted by Devil at 12:12 PM
Labels:

2 comments:

Gerald said...

You might want to consider trying this...

http://www.getdropbox.com/

Still beta though. Looks interesting. :D

March 14, 2008 at 9:55 PM
Anonymous said...

You can use http://lifehacker.com/software/exclusive-lifehacker-download/better-gmail-2-firefox-extension-for-new-gmail-320618.php

It's a ff extension that contains all the goodies, including https connection for gmail.

of course, there's also the google reader integration which i wrote, and which others have improved on. in fact, you can find my name in the extension. =)

March 18, 2008 at 12:10 AM

Post a Comment

Subscribe to: Post Comments (Atom)