Security Basics mailing list archives

Re: newbie question

From: nospam <nospam () dranem org>
Date: Thu, 07 Sep 2006 11:41:31 -0300

Yes gmail CAN and DOES [not by default] use SSL
When on an untrusted network
I start the session from
https://gmail.google.com

and It Maintains the session in SSL until I log out

steve

Bora Dal wrote:

 I think GMail uses SSL (https://....) by default; it certainly
supports it.  If you can connect directly to Google, that's probably
good enough.


Gmail does not use SSL in all phases of the your "mail experience". If
you take a look, SSL is used just in the initial login phase, sending
your credentials with SSL. The rest of the communication takes place
without the cover of encryption.

In my opinion the safest gmail use is done through enabling POP3 and
SMTP with "delete the mail from gmail mailbox after its retrieved
option" set. The mail dropped into the local mailbox should be
secured, ofcourse thats another story :)

Regards,

Bora Dal, CISSP, CISA

---------------------------------------------------------------------------

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: newbie question, (continued)
- - - Re: newbie question Ayaz Ahmed Khan (Sep 07)
    - Re: newbie question jm (Sep 08)
- Re: newbie question Colin Copley (Sep 05)
- RE: newbie question Robert D. Holtz - Lists (Sep 06)
- Re: newbie question Muiex (Sep 07)
- Re: newbie question krymson (Sep 06)
  - Re: newbie question Matt Davis (Sep 07)
- RE: newbie question Bora Dal (Sep 06)
  - Message not available
    - Re: newbie question Paul Rochford (Sep 07)
    - Re: newbie question Matt Davis (Sep 08)
  - Re: newbie question nospam (Sep 07)
  - RE: newbie question Tom Crimmins (Sep 07)
    - Re: newbie question javier rojas (Sep 08)