We all noticed a lot of noise on the CSRF attack recently unearthed in Gmail which is really dangerous & can cause harm to many other websites also. [1] [2]
So the question arises, What to do to be SAFE?
Here are few alternatives, select one as per your convenience.
1) POP your mails: I'll again emphasis on POPing the mail over SSL, this way you are not logging on the webmail so you are safe from such attacks, moreover you are on a complete encrypted channel, so more safer
2) Use multiple browsers: Try using different browser for different activities. Say using IE for logging onto webmails & such sites, Firefox for non-login websites, Opera for another such set. No kidding, this is a good way to keep yourself secure
3) Use multiple profiles: If you are die-hard fan of any browser & want to use only that, try creating different profile (if it supports) & fire up the browsers in these profiles. Say "Default" profile for general browsing & "Safe" profile for webmails & other accesses where you use your passwords. You can even secure this "Safe" profile by disabling javascripts & active components like Flash, Java applet, ActiveX etc.
Practise some secure tips to be safe on internet
Safe surfing :)
[1] http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
[2] http://www.rohasnagpal.com/blog/2007/09/27/can-your-gmail-account-really-be-hacked/
0
comments
Saturday, September 29, 2007
Subscribe to:
Posts (Atom)