Gmail Notifier

I was wondering about the gmail notifier firefox plugin, if it uses a secure connection when transmitting your user name and password for login?

Quote:

I was wondering about the gmail notifier firefox plugin, if it uses a secure connection when transmitting your user name and password for login?
[/b]

If it doesn't I'm in trouble

The reason that i ask this is because today a friend of my wrote an email saying WHAT and i did not know what he was talking about, and then looked back @ the previous email that i sent him and it said f**k you then which i did not send him and would never have, and also it said that i sent it today @ 8:39 am and @ that time, i was fast asleep and my computer was even off! So just makes me wonder about the security of the gmail notifier. I have since changed my password and am not letting the gmail notifier log in automatically.

So could anyone explain this one to me :blink:

your account was hacked?

who knows..

if your wondering if gmail notifier sends your user and password in the clear then use ethereal to sniff your packets and then take a looksie inside the packets being generated by gmail notifier. Pretty simple trick.

How do you know which are the packets from gmail notifier?

well that would depend on several things. Turn off any other talktaive network program. And you would have to know on what ports Gmail notifier talks on. As i dont use Gmail notifier i am afraid i cant help you much further than suggesting a packet sniff and then decode to see if you notice anything. Rather technical bit of work though.

I dont know your background in networking but suffice to say you need a pretty strong understanding of what types of packets are what, what they are called and how to understand the rather arcane information provided by your sniffer. Welcome to hacking. some folks think this kinda stuff is fun. I only do it to combat virii and network worms. Others enjoy reading whats being sent out on the local networks. After all how do you think people figgured out that the microsoft "genuine advantage" tool was "calling home" periodicly?

Well installed ethereal and i think gmail notifier uses tls to transmit, and even then it uses verisign to encrypt and decrypt information.

so gmail talks only encrypted.. nice to know eh? Wonder how someone got your gmail pw?

or more likely they were spoofing addresses on you. Sometimes the spoofs are pretty **** good too. Seen one sent to me by myself 0_0 all my checking eventually revealed what they were up to.. but man, i had to DIG.

Get your mate to forward the mail to you as an attachment and check the header.

Hi all,

Just made an interesting discovery regarding this gmail thing. I was watching the latest episiode of dl.tv and there they were talking about gmail and secure connections. I could not work out what they were talking about, but then it hit me just a few minutes ago when i was checking my gmail. Ok so when you log in, the connection is encrypted for entering your username and password(https), but then once you are logged in the secure connection is gone (http)! So that is how i got hacked, by someone hacking my session while i was in gmail.

So if you prefer to have your emails not get hacked, add and s after the http once you are logged into your gmail!

I am just a bit outraged, as i thought that when you were using gmail, the connection is secure even after logging in!

So gmail users be warned !