Hack Gmail

As with any hacks or cracks mentioned on this site, they are not here to allow the malicious to break security, but to alert everyone to possible problems that someone might exploit against them. So, as with my recent hack Windows XP limited user account item, the point of publishing it was to alert uninformed sysadmins, parents, teachers, and others who have limited users on their network to the fact that a program exists that can break into an admin user account on Windows XP.

Anyway, the recent Defcon hacker’s conference saw dozens of security experts embarrassed to see their logins, usernames and passwords via the wi-fi network displayed for all to read on the conference giant display. They had all failed to hide their GMail accounts with a little s for security - using http:// instead of https:// (it adds ssl, secure socket layer, to the connection) which I mentioned here in August 2007. If only they’d have been reading Sciencetext, they would have known.

Adding the little s for all your webmail connections encrypts them and makes them secure, but it’s not a default setting in GMail. The thing to watch out for is that Gmail reverts to http:// even if you use httpS:// for the initial login. However, Google has finally added it as an option, although those of us using Better GMail in Firefox have had this setting for months. Brian Krebs recently highlighted this and another security hack for Googlemail.

By the way, this kind of issue is another reason to use Hotspot Shield to create a virtual private network (VPN) when you’re using a public wi-fi hotspot.

Also, watch out for the sneaky variation on phishing that offers you the chance to hack GMail but involves sending your own password to the program to do so…thereby making you the victim!