Tuesday, November 02, 2010

Web 2.0 Report Card

George Ou over at Digital Society has created a "report card" for the various Web 2.0 services like webmail providers and Facebook.

Of the major webmail providers in the U.S., only Gmail is secure against sidejacking attacks. Yahoo Mail and Hotmail are insecure, and can be compromised quickly. There are still a lot of Hotmail users out there -- they are fools.

I talked to the people at Microsoft responsible for fixing this problem ALMOST THREE YEARS AGO. Yet, they've done nothing about fixing this huge hole. I just tried it out today -- while Firesheep looks a bit funky (it doesn't correctly show the user name), it easily hacks into Hotmail accounts.

2 comments:

Larry said...

I use Thunderbird to download and read my Gmail. Does this mean I am subject to hijacking even though Gmail is secure?

George said...

Larry,

Gmail has the option to use POP3 and SMTP with SSL/TLS encryption. I would highly recommend that you enable these features in your email client.