Greasemonkey script blocks Gmail cookie-theft attacks

By now, you've probably read about Robert Graham's Black Hat presentation (.pdf) on hijacking Gmail accounts by wirelessly sniffing non-SSL session cookies.


The attack technique, called SideJacking, uses two homegrown tools -- Ferret and Hamster -- to sniff cookies from connections to unsecured Wi-Fi networks.

Careless Google account users are vulnerable because Gmail, Google Calendar, YouTube and Blogspot all default to "http:" instead of "https:" (which is available) at login.

It's a safe bet that Google will tweak this default but, in the meantime, there's a new Greasemonkey script that offers another layer of protection to Firefox users.

Created by Mark Pilgrim, GMailSecure forces Gmail to use a secure connection for all logins by redirecting http://gmail.google.com/ to https://gmail.google.com/.
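To make the redirect concrete, here is an added example of the same technique as a Greasemonkey userscript. This is not Pilgrim's GMailSecure code; it is an illustration written for this article. The `gmail.google.com` host comes from the text above; `mail.google.com` is an assumed additional host, and the `@include` lines and `upgradeToHttps` function are this example's own names.

```javascript
// ==UserScript==
// @name        Force HTTPS on Gmail (added example, not GMailSecure itself)
// @namespace   example.local
// @include     http://gmail.google.com/*
// @include     http://mail.google.com/*
// ==/UserScript==

// Hosts whose http:// pages should be bounced to https://.
// gmail.google.com is from the article; mail.google.com is an assumed addition.
const SECURE_HOSTS = ['gmail.google.com', 'mail.google.com'];

// Return the https:// equivalent of urlString when it is a plain-http URL on
// one of the managed hosts, otherwise null (nothing to do). Path, query and
// fragment are preserved so the user lands on the same page, just encrypted.
function upgradeToHttps(urlString, hosts = SECURE_HOSTS) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return null;                         // not a parseable absolute URL
  }
  if (url.protocol !== 'http:') return null;    // already https (or ftp, file, ...)
  if (!hosts.includes(url.hostname)) return null; // not a host we manage
  url.protocol = 'https:';
  if (url.port === '80') url.port = '';  // an explicit :80 makes no sense on https
  return url.toString();
}

// Greasemonkey runs this once the http:// page has started loading.
// location.replace() keeps the insecure URL out of the back-button history.
if (typeof window !== 'undefined' && window.location) {
  const target = upgradeToHttps(window.location.href);
  if (target !== null) {
    window.location.replace(target);
  }
}
```

Two caveats worth knowing. The `@include` patterns only match `http://` pages, so the script is inert on pages already served over HTTPS. More importantly, a userscript runs after the browser has already issued the plain-HTTP request, so any cookie scoped to that host without the `Secure` attribute has already crossed the wire once; the redirect protects the traffic that follows, not the request that triggered it.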

Here's Pilgrim's explanation of how GMailSecure works in the background to protect against things like SideJacking.
