Skip to main content

Posts

Showing posts from February, 2012

Securing Gmail

For heavy users of Google services, the gmail account has over the years evolved into a "Google account" and holds the key to an increasing amount of our online activities and presence. Judging from a random sampling of the gmail support forum or some reports in the press (E.g. this recent article from the Atlantic Magazine ) - gmail account hijacking is an increasingly widespread and serious problem. Stolen account IDs from major web-mail providers (gmail, hotmail, yahoo mail etc.) seem to be collected and used at industrial scale for spam generation and fishing for  419 style advance fee fraud  schemes like the infamous " mugged in London " scam described in the article above. The mechanics of some common threats used to steel account passwords is described in this blog post in some detail, but in short it boils down to weak passwords, password re-use and password sniffing malware. Given how prevalent malware infestations are on major OS platforms, even use