Saturday, September 29, 2007

We all noticed a lot of noise on the CSRF attack recently unearthed in Gmail which is really dangerous & can cause harm to many other websites also. [1] [2]

So the question arises, What to do to be SAFE?
Here are few alternatives, select one as per your convenience.

1) POP your mails: I'll again emphasis on POPing the mail over SSL, this way you are not logging on the webmail so you are safe from such attacks, moreover you are on a complete encrypted channel, so more safer

2) Use multiple browsers: Try using different browser for different activities. Say using IE for logging onto webmails & such sites, Firefox for non-login websites, Opera for another such set. No kidding, this is a good way to keep yourself secure

3) Use multiple profiles: If you are die-hard fan of any browser & want to use only that, try creating different profile (if it supports) & fire up the browsers in these profiles. Say "Default" profile for general browsing & "Safe" profile for webmails & other accesses where you use your passwords. You can even secure this "Safe" profile by disabling javascripts & active components like Flash, Java applet, ActiveX etc.


Practise some secure tips to be safe on internet
Safe surfing :)

[1] http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
[2] http://www.rohasnagpal.com/blog/2007/09/27/can-your-gmail-account-really-be-hacked/

0 comments:

Post a Comment