Comments on: GMail Accounts Hacked, Kinda http://uneasysilence.com/archive/2007/08/11739/ Sun, 22 Nov 2009 12:18:29 -0600 http://wordpress.org/?v=2.8.6 hourly 1 By: AlexTheMartian http://uneasysilence.com/archive/2007/08/11739/comment-page-1/#comment-394716 AlexTheMartian Tue, 07 Aug 2007 04:08:56 +0000 http://uneasysilence.com/archive/2007/08/11739/#comment-394716 ok, here is the thing I found out. if you visit "HTTP://mail.google.com" without being signed in, you get redirected to a page with the url staring with "HTTPS://www.google.com/..." for the login page, and then after loging in you get sent back to "HTTP://mail.google.com". Also, if you are already logged in to Gmail, when you visit "HTTP://mail.google.com" you will remain on the HTTP protocol. That is strange. and I have the Gmail Notifier system tray icon, and for some reason that only goes to the HTTP protocol. But then, that program is a few years out-dated, and I just personally hate using Google Desktop :-P Anyone can figure out the reasoning of google for a HTTPS to redirect to HTTP after logging in? ok, here is the thing I found out. if you visit “HTTP://mail.google.com” without being signed in, you get redirected to a page with the url staring with “HTTPS://www.google.com/…” for the login page, and then after loging in you get sent back to “HTTP://mail.google.com”. Also, if you are already logged in to Gmail, when you visit “HTTP://mail.google.com” you will remain on the HTTP protocol. That is strange. and I have the Gmail Notifier system tray icon, and for some reason that only goes to the HTTP protocol. But then, that program is a few years out-dated, and I just personally hate using Google Desktop :-P

Anyone can figure out the reasoning of google for a HTTPS to redirect to HTTP after logging in?

]]> By: Ian http://uneasysilence.com/archive/2007/08/11739/comment-page-1/#comment-394708 Ian Tue, 07 Aug 2007 00:34:23 +0000 http://uneasysilence.com/archive/2007/08/11739/#comment-394708 Do a simple google search for sniffing packets. It's pretty simple to do, but the hard part is isolating the cookie packets to steal. If you actually look further into the DEFCON technique, you'll see that it really isn't just a point and click task. Not yet anyway... Do a simple google search for sniffing packets. It’s pretty simple to do, but the hard part is isolating the cookie packets to steal. If you actually look further into the DEFCON technique, you’ll see that it really isn’t just a point and click task. Not yet anyway…

]]> By: Sameer Sontakey http://uneasysilence.com/archive/2007/08/11739/comment-page-1/#comment-394707 Sameer Sontakey Tue, 07 Aug 2007 00:08:46 +0000 http://uneasysilence.com/archive/2007/08/11739/#comment-394707 So how is this done exactly? Like what sorts of programs can I use to sniff traffic to capture cookies and then hi-jack them (insert them into my HTTP headers?). Just curious... O:) And I guess the only way to avoid this from happening is by using SSL via the HTTPS (https://www.gmail.com). Don't really know why gmail.com doesn't automatically redirect you to HTTPS protocol. So how is this done exactly? Like what sorts of programs can I use to sniff traffic to capture cookies and then hi-jack them (insert them into my HTTP headers?). Just curious… O:)

And I guess the only way to avoid this from happening is by using SSL via the HTTPS (https://www.gmail.com). Don’t really know why gmail.com doesn’t automatically redirect you to HTTPS protocol.

]]> By: Ian http://uneasysilence.com/archive/2007/08/11739/comment-page-1/#comment-394700 Ian Mon, 06 Aug 2007 21:55:42 +0000 http://uneasysilence.com/archive/2007/08/11739/#comment-394700 It would be true for any web service that utilized cookies for session-based authentication. Simply sniff the traffic and steal the cookie, and voila, you're in. Phil, do you mean stealing cookies for POP3 and FTP, or just sniffing to get the login info in cleartext? It would be true for any web service that utilized cookies for session-based authentication. Simply sniff the traffic and steal the cookie, and voila, you’re in.

Phil, do you mean stealing cookies for POP3 and FTP, or just sniffing to get the login info in cleartext?

]]> By: Phil Bridges http://uneasysilence.com/archive/2007/08/11739/comment-page-1/#comment-394692 Phil Bridges Mon, 06 Aug 2007 20:49:43 +0000 http://uneasysilence.com/archive/2007/08/11739/#comment-394692 Surely the same is true for most (http) web based accounts not to mention POP3 and FTP? Surely the same is true for most (http) web based accounts not to mention POP3 and FTP?

]]>