How to hack a gmail account?
At Defcon, hackers demonstrated a tool for hacking into GMail accounts by snooping on unencrypted data (a man-in-the-middle attack) and capturing the cookies, which GMail by default sends unencrypted for everything other than login.
Google has now introduced the option to encrypt all transmissions to and from GMail, not just the login sequence. Previously, only the login sequence was encrypted. All other data was transmitted unencrypted, making it vulnerable to hackers. That means every email and every article that you read on your GMail account is transmitted unencrypted over the web.
This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once the hacker gets the session ID, they can log in to the account without needing a password. People checking their e-mail from public wireless hotspots are more vulnerable than those using secure wired networks.
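To see why a plain-http image request gives away the session, here is an added example (not from the original article) that models the browser's rule for attaching cookies to a request and checks which cookies would travel in cleartext. The cookie names and values are constructed, the domain and path matching is simplified, and the Secure attribute is used here as the standard way a site keeps a cookie off unencrypted requests.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers; names and values are made up for illustration.
WEAK_HEADERS = [
    "SESSIONID=abc123; Domain=mail.google.com; Path=/",
    "PREFS=lang-en; Domain=mail.google.com; Path=/",
]
HARDENED_HEADERS = [
    "SESSIONID=abc123; Domain=mail.google.com; Path=/; Secure; HttpOnly",
    "PREFS=lang-en; Domain=mail.google.com; Path=/",
]


def parse_set_cookie(headers):
    """Parse Set-Cookie header values into a flat list of morsels."""
    morsels = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        morsels.extend(jar.values())
    return morsels


def cookies_sent(headers, url):
    """Return the sorted names of cookies a browser would attach to `url`."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    sent = []
    for m in parse_set_cookie(headers):
        domain = m["domain"].lstrip(".")
        # Simplified domain match: exact host or a subdomain of Domain.
        if domain and not (host == domain or host.endswith("." + domain)):
            continue
        # Simplified path match: the request path starts with the cookie Path.
        if not path.startswith(m["path"] or "/"):
            continue
        # Secure cookies are withheld from any request that is not https.
        if m["secure"] and parts.scheme != "https":
            continue
        sent.append(m.key)
    return sorted(sent)


if __name__ == "__main__":
    image = "http://mail.google.com/images/logo.gif"  # cleartext image request
    print("weak:    ", cookies_sent(WEAK_HEADERS, image))
    print("hardened:", cookies_sent(HARDENED_HEADERS, image))
```

When auditing a site of your own, any session cookie that this check reports as sent to an http URL is readable by anyone on the same network.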
How to protect your GMail account from hackers?
The solution is very simple. After logging in to GMail go to Settings (General tab). At the bottom of the page you will notice Browser Connection. Change it to Always use https. Now save the settings. In Google’s words:
How To enable this feature
1. Sign in to Gmail.
2. Click Settings at the top of any Gmail page.
3. Set ‘Browser Connection’ to ‘Always use https.’
4. Click Save Changes.
5. Reload Gmail.
You are done! That’s all you need to protect your GMail account from getting hacked.
Side effects of securing your inbox.
1. GMail may become slightly slower. But if your emails are safe, I say it's acceptable.
2. Gmail Notifier users must download a patch for GMail Notifier (Gmail Notifier is a downloadable application that alerts you whenever you have new Gmail messages) to work with this setting. To install the patch follow these steps:
2. Open the folder.
3. Double-click the notifier_https.reg file.
4. Click yes when you’re asked to confirm if you want to add the information to the registry.
5. Restart the Notifier.
3. You may see errors in the Gmail for mobile application from enabling this setting. The specific errors vary by device, but in general you’ll see ‘unexpected error’ or have the app suddenly quit on you. If you have the (If you need to find the version number of the application that’s installed on your mobile phone, please select Menu > More > Help. The version number and platform will be displayed.), you can work around these errors by also enabling the app’s own ‘ setting from your device and then signing out:
1. Select Menu > Go to Settings.
2. Check the Always use secure network connections (slower performance): option.
3. Make sure the ‘Always keep me signed in’ option is NOT checked (in order for you to sign out).
4. Save your changes.
5. Select Menu > Exit Gmail.
6. Restart the app and sign in.