Last time someone came out with a Gmail exploit, it was possible to completely hijack your account with just email filters. This time around, hackers found a way to break into your account via "session" cookies. Mike Perry — a reverse-engineering specialist in San Francisco — is debuting a tool at Defcon that can sniff out the browser's cookies during your session of email crunching. When you click on links from inside email messages, website operators can use that Gmail cookie and be able to find out your account information and password.
- Log in to Gmail and click "Settings."
- In the General tab scroll down to "Browser connection."
- Make sure "Always use https" is selected and save changes.
Seems kind of odd that Google wouldn't set this up automatically but, hey, at least you can access your email — unlike those Apple dorks, right?
