Stoppering GMail’s default security problem

At this year’s DefCon, a security problem inherent to the default settings in GMail was unveiled. The problem is that, by default, GMail does not use encrypted sessions.

This can be a problem if you use public computers, because the session key might be retrievable. With the session key in hand, access is apparently simple enough to gain.

Luckily, this is simply corrected. Here’s how:

    • Log in to GMail
    • Go to “settings”
    • In the General tab, find the “Browser connection” setting
    • Set it like so:

Always use https





By posting a comment, you consent to our collecting the information you enter. See privacy policy for more information.

This site uses Akismet to reduce spam. Learn how your comment data is processed.