When everybody is watching the 2008 Summer Olympics, old news is being recycled. I could not avoid commenting on the usually excellent Threat Level that tells us about Gmail's insecurity. Very similar to the same story that was told in the past, also at Threat Level (here) in January 2008 and RealTechNews last year. To be fair, Threat Level mentions previous disclosures but I am probably missing the point.
Unfortunately, many sites will not use SSL by default. This is not unique to Gmail. Many applications behave in a similar way. So what can one do? use SSL (visit https://www.gmail.com instead of the default http://www.gmail.com), set proper preferences and minimize the use of insecure applications at unsafe locations.
Web sites will not use SSL by default.
SSL does not always provide security.
Unfortunately, many sites will not use SSL by default. This is not unique to Gmail. Many applications behave in a similar way. So what can one do? use SSL (visit https://www.gmail.com instead of the default http://www.gmail.com), set proper preferences and minimize the use of insecure applications at unsafe locations.
Leave a comment