Tuesday, September 2, 2008

Gmail users, do this.

Someone figured out how to get into a gmail account without permission. Sound scary? Welcome to the internet.

Before you get too excited, here's what I've gleaned from the article:
  • For it to work, someone has to send you a specially-crafted email with pictures in it
  • You had to open that email in a browser (not in an email client like Entourage or Outlook)
  • You had to "download" the pictures (by default gmail doesn't show non-embedded images in emails)
  • And you had to not be using a secure connection

This just came out today, so your chances of having your account compromised are slim.

And the fix is easy. Go to Gmail, click on "Settings" in the upper right, "General" tab, and click this setting:Always use https
Your email might be a little slower, but for people with broadband they're not likely to notice. Use Google Notifier? Looks like you'll have to upgrade it...

I recommend not downloading pictures in any email you don't *really* trust. Spammers embed your email address in the image requests in their emails, so they can tell that your email address is good just by you viewing the email.

Sorry, mom, I wish the internet world was a safer place for the innocent move about. But that's why you have me, right? =)

No comments:

Does anyone read this thing?

views since Feb. 9, 2008