Gmail security? Well at least start with customizegoogle

I’ve been looking around certain Gmail topics, including how to wipe out everything from your Inbox (I will talk about that in my next post) and one of the things I was interested in was ’security’.

If you are a gmail user and you are a firefox user, then consider taking a look at customizegoogle.com

I’m not affiliated with that site by any means, and I dislike the fact that it looks more commercial than good, but the reality is that along with their promises of being spyware-free, it really does a good job when it comes to protecting your communication with gmail.

Included with that firefox plugin are lots of other features, such as disabling google ads while you search @ google or while you’re inside gmail. But the one I care the most is a feature that forces SSL everytime you surf your mail @ gmail.

Why do you need that? Simple. Head your browser to www.gmail.com - you will find that you are automatically redirected to the SECURE version, yes. However, the point of that is for protecting your username and password while logging in (otherwise it would be sent in plaintext through the network)

The problem starts right after you have logged in. You will notice that you’re no longer in a secure version under SSL but rather back to the standard http:// protocol. You can switch back to the secure version manually, that is, by modifying the Url and adding that extra ’s’ after http, making it https:// - However once is ok, twice.. fine, but three times, or every single time you log into gmail remembering to switch back to the secure version is a freaking pain in the behind. Not to mention that once you’ve realized you are in the insecure version, your e-mail headers (that e-mail list with extracts from the e-mails you received) have already been sent plaintext to you.

If you add to that my other post where I mention FireGPG and GPG4Win (http://www.penetrationtests.com/blog/2008/05/07/it-looks-like-the-gpgfirefoxwindowsgmail-puzzle-is-solved/) then you have plenty of security added to the default gmail package.

Check it out, it’s worth it!

Good luck.

 

Posted in Hardening, Tools on 05/29/2008 07:15 am by Consultant
 
   
  • © 2009 penetrationtests.com