Categories
Computing

Vulnerability in Google’s handling of SSL and session IDs

Wired’s Threat Level blog covers the vulnerability in Google’s handling of SSL and session IDs.

One of the big stories at DefCon last year was a security researcher’s demonstration of wirelessly sniffing users’ session cookies while they accessed their e-mail accounts or conducted e-commerce transactions via wireless networks. The attack allowed a hacker access to the victim’s Gmail or Hotmail account without needing to decipher the user’s password.

Now the security researcher who presented that info has found that even using SSL HTTPS to access your Gmail account — which was touted at the time as a surefire way to protect Gmail users against such an attack — is vulnerable to this hack.

Additional coverage at The Register.

By Matt Wharton

Matt Wharton is a dad, vlogger and IT Infrastructure Consultant. He was also in a former life a cinema manager.

Blogging here and at mattwharton.co.uk

Watch our family's vlog at YouTube

Follow me on Twitter