Sunday, August 5, 2007

Hacking Gmail

Web 2.0 is a stupid idea in more ways than one, and today it proves to be a security risk too. I get my e-mail from a secure Microsoft Exchange IMAP server, but that's not affordable to some so they choose the free Gmail -- Gmail that you access through a web browser and uses all these "fancy" AJAX techniques. What does free buy you? Nothing. Nothing of quality and substance, and now it turns out that it doesn't give you anything secure either.

It turns out to be very easy to hack a Gmail account:

I've just received an email that says "I like sheep", but it wasn't sent by my friend – it was sent by a hacker posing as my friend. At the Black Hat security convention, Robert Graham, the CEO of errata security, surprised attendees by hijacking a Gmail session on camera and reading the victim's email. He went even further by demonstrating the attack to us in person, taking over another journalist's Gmail account and then sending us sheep-loving emails.

Hah!