Sunday, August 05, 2007

Sites confirmed safe from SideJacking

Remember that SideJacking only works if it catches a non-SSL cookie: a session cookie sent over plain HTTP, where anyone on the same network can sniff it. A site that uses SSL exclusively, and marks its session cookies Secure so the browser never sends them in the clear, would be safe. If you would like me to test a site, then please send us an e-mail.

You are unsafe unless you start from something like "". Also, while this secures your Gmail, you may still be vulnerable if you access other Google properties, such as

I think almost all their customers are safe from SideJacking. While I have seen unencrypted connections, the default is to use complete SSL encryption, which makes it safe from eavesdropping. If you are worried about this, I suggest you make sure "Require secure connections (https)" is set, to prevent accidental use of non-SSL. I am frankly impressed by's commitment to security -- this is far better than any other Web 2.0 application that I've seen. They set the standard that others should follow in order to deal with this problem.
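The two checks the verdicts above rest on can be automated: does a plain-HTTP request get bounced to https, and do the cookies the site issues carry the Secure flag (without it the browser will replay the cookie on the next http:// request to that host, even if the site then redirects). The script below is an added example, not code from the original post or from any of the sites discussed; the captures it inspects are constructed by hand, with hypothetical hostnames, to stand in for what a sniffer or a browser's network log would show.

```python
"""Check captured HTTP responses for SideJacking exposure.

Added example, not from the original post. The captures below are constructed
by hand to stand in for what a sniffer (or a browser's network log) would show.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    secure: bool      # Secure attribute present: browser sends it only over https
    httponly: bool    # HttpOnly: irrelevant to sniffing, but parsed for completeness
    domain: Optional[str]


def parse_set_cookie(value: str) -> Cookie:
    """Parse one Set-Cookie header value (name=value; attr; attr=val ...)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    secure = httponly = False
    domain = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
        elif key == "domain":
            domain = val.strip().lstrip(".").lower() or None
    return Cookie(name, secure, httponly, domain)


# A capture is {"url": str, "status": int, "headers": [(name, value), ...]}
Capture = Dict


def assess(capture: Capture) -> List[str]:
    """Return findings for one response; an empty list means nothing is exposed."""
    url = urlsplit(capture["url"])
    host, scheme, status = url.hostname, url.scheme, capture["status"]
    headers: List[Tuple[str, str]] = capture["headers"]
    findings: List[str] = []

    location = next((v for n, v in headers if n.lower() == "location"), "")
    redirected_to_ssl = 300 <= status < 400 and location.lower().startswith("https://")
    if scheme == "http" and not redirected_to_ssl:
        findings.append(f"{host}: answered {status} over plain HTTP instead of redirecting to https")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        if scheme == "http":
            # The Set-Cookie itself crossed the wire in the clear, so the value is
            # already in the sniffer's hands, Secure flag or not.
            findings.append(f"{host}: cookie {cookie.name!r} was issued over plain HTTP")
        elif not cookie.secure:
            # Issued over SSL, but without Secure the browser replays it on the next
            # http:// request to this host (a redirect, an image, a tracking hit).
            findings.append(f"{host}: cookie {cookie.name!r} lacks the Secure flag and will leak on any http:// request")
    return findings


# Constructed captures (not real traffic) for three hypothetical sites.
CAPTURES: List[Capture] = [
    # Site A: plain-HTTP request is bounced to https and the session cookie is Secure.
    {"url": "http://a.example/", "status": 301,
     "headers": [("Location", "https://a.example/")]},
    {"url": "https://a.example/login", "status": 200,
     "headers": [("Set-Cookie", "SID=a1b2c3; Secure; HttpOnly; Path=/")]},
    # Site B: SSL login, but the session cookie is not marked Secure.
    {"url": "https://b.example/login", "status": 200,
     "headers": [("Set-Cookie", "session=deadbeef; Path=/; Domain=.b.example")]},
    # Site C: serves the application over plain HTTP and sets the cookie there.
    {"url": "http://c.example/inbox", "status": 200,
     "headers": [("Set-Cookie", "auth=cafe; Path=/")]},
]


def report(captures: List[Capture] = CAPTURES) -> Dict[str, List[str]]:
    """Findings per host; a host with an empty list is safe from SideJacking."""
    out: Dict[str, List[str]] = {}
    for cap in captures:
        host = urlsplit(cap["url"]).hostname
        out.setdefault(host, []).extend(assess(cap))
    return out


if __name__ == "__main__":
    for host, findings in report().items():
        print(host, "SAFE" if not findings else "EXPOSED")
        for finding in findings:
            print("  -", finding)
```

Site A comes out clean, Site B is flagged for the missing Secure flag even though the login itself was over SSL, and Site C is flagged twice (content served over HTTP, and the cookie issued over HTTP). To test a real site, replace the constructed captures with the URL, status and headers from a sniffer or your browser's network log for the http:// front page and the https:// login response.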

