Re: [OT] web email acct compromised
On Wed, 28 Dec 2011 10:56:45 -0600, green wrote:
> Camaleón wrote at 2011-12-28 10:37 -0600:
>> On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:
>> > And how is an account compromised? Why pick on me? FWIW I changed the
>> > passwd.
>>
>> Maybe by using a weak password or by leaving your session open. Try
>> to harden it for the next time and do not use the "remember me" option.
>
> For Gmail, turn on the secure connection option so that the entire
> session is encrypted rather than just the authentication.
>
> http://codebutler.com/firesheep

That will only protect against cases of session cookie stealing, which is
not very common on wired networks but is in wireless environments running
on untrusted networks (like coffee shops, airports...).

If the user is logged in with that option set, keeps the session open
and leaves the computer unattended, anyone can start using his account
for their own purposes (sending mass e-mails, changing the
password...). Having a completely encrypted session in the above
situation is useless because the user is already logged in.

Common sense is often the best defense.

Greetings,
--
Camaleón