RE: Gmail and https

["Murda Mcloud" <murdamcloud () bigpond com>]

I seem to remember something to do with sidejacking and ssl gmail sessions
too-will see if I can find the link.
So your ssl session is as secure as the wireless session is.

Here is the link-watch the wrap, people.
http://arstechnica.com/news.ars/post/20080201-report-google-mail-vulnerable-
to-sidejacking-despite-ssl.html



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Mike Hale
Sent: Tuesday, February 12, 2008 4:12 AM
To: Albert R. Campa
Cc: Mohammad Tina; security-basics () securityfocus com
Subject: Re: Gmail and https

You guys should confirm that it actually is using SSL.  Run wireshark
and see if you can catch any plain text.  If I remember correctly,
someone ran some tests a while back and confirmed that even though it
was SSL for some portions of the page, your email was still in plain
text.

- Mike

On 2/11/08, Albert R. Campa <abcampa () gmail com> wrote:
> I believe it is. Although with gmail Manager firefox addon, there is
> an option to use secure connection, so my url always says https.
>
>
>
> On Feb 8, 2008 1:49 PM, Mohammad Tina <mohammad.tina () googlemail com>
wrote:
> > Hi,
> > I notices recently that gmail after you logon the header in the
> > address bar is http not https?
> > is that normal?
> >
> >
> >
> > --
> > /Mohammad N. Tina


-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0