Op de DefCon hackers conferentie in Las Vegas is een applicatie gepresenteerd die het mogelijk maakt om de Google accountID's van onbeveiligde sessies in Gmail op te vangen. The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a … Lees verder »