forum.techrabbi.com - GMail Security question

Forum start - Register

New message

You got 0 new message(s) in your inbox

To inbox Close

Forum start > web > new features > GMail Security question

Quickview

Author

Thread

cds0528
Researcher
avatar

Location: other side of the world
Registered: 6/27/2006 Warnings: 0

GMail Security question
http://sitekreator.com/satishtalim/index.html

This isn't really a new feature, more like a discovered feature. what it is is if you go to https://mail.google.com as opposed to http://mail.google.com (notice the "s" in the first one). the normal login is secure obviously, to protect your password, but once you login your session isn't secure, which is typical of free webmail (i don't know of a free webmail service that is secure). if you add the "s" at the end of the http, not only will your login be secure, but your entire session is secure (!!). Checking the security certicate, the encryption type is AES-256 256bit encryption. Am I correct in assuming that anything I send/receive on this secure connection is unviewable by people who might want to (no comments please)? I was under the impression that certain types of 128bit were virtually uncrackable (security now had an episode about this, something like one computer taking 60 years or something), so 256 I would assume is even better, but the types of encryption is something I'm not too familiar with.

__________________
"The glass is neither half-empty or half-full, it's twice as big as it needs to be."

10/10/2006 09:19

Link - Ip: Logged - Quote:

byerspc
Admin
avataren

Location: South Bend, IN
Registered: 4/14/2006 Warnings: 0

Yes in fact on hak.5 they recommend this because you can use a sniffing tool on public wifi to read peoples email and passwords if they are not using encryption. "They did it to some guy at a starbucks"

__________________
byerspc
byerspc@gmail.com

10/10/2006 18:23

Link - Ip: Logged - Quote:

cds0528
Researcher
avataren

Location: other side of the world
Registered: 6/27/2006 Warnings: 0

Cool... very cool. this would apply to emails i send right if you know what I'm getting at? you can't be too careful here.

__________________
"The glass is neither half-empty or half-full, it's twice as big as it needs to be."

10/10/2006 20:24

Link - Ip: Logged - Quote:

byerspc
Admin
avataren

Location: South Bend, IN
Registered: 4/14/2006 Warnings: 0

correct any email would be encrypted. very neat stuff.
Any other traffic of course would not be encrypted although there are tools for that out there as well - I believe.

__________________
byerspc
byerspc@gmail.com

10/11/2006 19:55

Link - Ip: Logged - Quote:

PBMiller
Researcher
avataren

Location: North America
Registered: 6/28/2006 Warnings: 0

so your saying that if i sent an email while in the https to someone else who received it while in https and responded to it that the two of us would be the only ones able to know what it read?

__________________
if (all == Apple){
world = peace;
}else{
world = M$ && war;
}

10/12/2006 19:43

Link - Ip: Logged - Quote:

byerspc
Admin
avataren

Location: South Bend, IN
Registered: 4/14/2006 Warnings: 0

FYI Steve Gibson recently talked about this on the last episode of SN

The idea is this. If you encrypt email it is of course unencrypted by the ISP where it is stored etc. The catch is this ....if your ISP is say Google then the only people that could unencrypt the email is google.

If you were to POP your email for instance this would not necessarily hold true....not sure if I explained it very well. I bet my brother could explain it better or listen to the latest SSN episode.

__________________
byerspc
byerspc@gmail.com

10/13/2006 14:47

Link - Ip: Logged - Quote:

cds0528
Researcher
avataren

Location: other side of the world
Registered: 6/27/2006 Warnings: 0

I remember listening to that the other day and he scared me for a second, but brandon, if you were to go to https://mail.google.com, and send me a message, and i were to go to https://mail.google.com, google itself could see if if they wanted too, but they would be the only one (i'm saying this because i want to be positive that i'm right?)

__________________
"The glass is neither half-empty or half-full, it's twice as big as it needs to be."