Hacker News new | past | comments | ask | show | jobs | submit login
Gmail Account Hacking Tool (hungry-hackers.com)
13 points by aneesh on Aug 20, 2008 | hide | past | favorite | 5 comments



FYI, the process has been simplified with a security tool called Surf Jack.

See http://enablesecurity.com/2008/08/11/surf-jack-https-will-no... for more information. The Internet -- it's a fragile thing.


Most sites have this well-known (?) security issue... Hardly new and surprising.


Yeah, and targeting Gmail in isolation seems pointless


Um, HTTPS will save you.

(oops, I was referring to the link in the "surf jacking" comment below/above by sd)


I think the concern is that HTTPS is necessary, but not sufficient for security. If you use HTTPS on your site, but send cookies without the secure flag, then it is possible for someone to trick the user into acquiring (or otherwise obtain) standard HTTP content. Setting the secure flag requires that all content sent relative to the cookie be from HTTPS. Hopefully, that makes some sense.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: