Even SSL Gmail can get sidejacked

When Robert Graham demonstrated how Web 2.0 wasn’t safe at last year’s Blackhat, it was thought that at least the SSL mode (HTTPS) of Google Gmail would be spared from sidejacking. That presumption now appears to be false according to this updated blog posting from Graham. Even with SSL enabled, Gmail sessions can still be hijacked by Graham’s Hamster and Ferret (or less easily with Wireshark and Mozilla’s cookie editor).

Read the article HERE.