So, I’m sitting here at the office because my apartment has no power. I’m bored out of my mind, so I wrote up a handy little tid-bit of information for those of you using Gmail.
For those of your who use GMail (and if you don’t, why not?!), I’m going to strongly suggest you protect yourself from man-in-the-middle attacks by setting the https only mode in Gmail. A MITM attack can steal your login credentials, as well as anything else you transmit in the clear over the Internet (which is pretty much everything) and is easier than you might think.
To do this, open your gmail settings (found at the top right of the page).
Ensure that you have the general tab selected (it’s the leftmost tab).
Scroll down to the bottom to the browser connections section, and make sure you select “always use https”. Feel free to click on the link as well to learn more.
Firefox 3 will always let you know that a page is being transmitted over https by turning the area to the left of the location bar (called the identity button) blue like so:
This is a serious issue. If you have any questions about this, or this type of attack, feel free to ask and I’ll be happy to answer (or find out the answer if I don’t know). Security is serious business, and I want you to be as safe as you can be.