Last time someone came out with a Gmail exploit, it was possible to completely hijack your account with just email filters. This time around, hackers found a way to break into your account via "session" cookies. Mike Perry — a reverse-engineering specialist in San Francisco — is debuting a tool at Defcon that can sniff out the browser's cookies during your session of email crunching. When you click on links from inside email messages, website operators can use that Gmail cookie to find out your account information and password.
To combat this problem, Google released a new feature for Gmail that lets users log in and use Secure Sockets Layer (SSL), but it's not automatic. Here's how to set it up:
- Log in to Gmail and click "Settings."
- In the General tab, scroll down to "Browser connection."
- Make sure "Always use https" is selected and save changes.