UK-based graphic and logo designer David Airey recently had his domain name stolen through a security hole in Google's free-email service, gmail. The good news is that, with the support of many of the online public and the help of both ICDSoft and GoDaddy, he has it back.
One of the lessons learned during this period is that using a free email service for business purposes is risky. Several comments on Airey's blog contained information that can diminish the risk for all of us (including bloggers).
- Any web application can be hijacked by taking its session cookie, not just GMail. The increasing sophistication of technology makes it possible for thieves to snatch this information right out of the air. Always use https when accessing webmail, or any other online account. For GMail, go to (and bookmark) https://mail.google.com/
- The Firefox extension CustomizeGoogle keeps all Google domains locked to https (among the many other useful things it does).
- You can set up a regular email client, like Thunderbird, Apple Mail, etc, to access GMail via IMAP. This will pretty much make your mail access immune to cross-site scripting attacks.
1 comments:
Thanks for the kind mention, Anitra!
All the best for 2008.
Post a Comment