Ask questions via twitter! Message any question to @answers on twitter. We'll publish the question and send you a reply each time there's a new answer.
Next Question

Answered Question

greggsewe... greggsewe...
 
M$1 April 23, 2009 02:23 PM

Is it dangerous or risky to leave Gmail open in a web browser throughout the day?

I've heard that a potential security risk is involved in doing this, but cannot locate the source of that info.

It would be better for me (less work) to leave Gmail open all day long instead of constantly reloading it.
Interesting Question?  Yes (2)   No (0)   

Interesting: interzone, xds

RSS
 
 

Best Answer  Chosen by Asker

xds xds
 
 April 23, 2009 06:42 PM
YES .

It really all depends on what type of network you are on.
And who has access to your computer.

Watch these videos

http://en.wikibooks.org/wiki/Metasploit/VideoTutorials

Especially with the existence of SSL and XSS man in the middle attacks using metasploit, and/or milw0rm, and now that "hackers" have created a hole OS around wireless injection, cracking and cookie stealing.

On the other hand however.

If you can make sure that handshake information between you and your mail provider (In this case google) isn't exchanged for more than the time you first login, then this actually might help in a sense.

Like i said...
It really all depends on what type of network you are on.
And who has access to your computer.

I would seriously start looking into OpenID they are revolutionizing the way people log into web sites, get their data, and keep it safe.

Kind Regards,
XDS
Source(s):
ISC2 Certs.
Experience.

Asker's Rating:
• Thanks for the wealth of detail. You went beyond the assumption that my question (not as specific with details as it could have been) was primarily about whether another human had physical access to my computer to the ins and outs of scripting and software.


Helpful Answer?  (0)   (0)    Tip xds for this answer
Permalink | Report
   Reply  
 
 
xds xds
 
April 23, 2009 06:59 PM - New Source
By the way here is some more information on SSL man in the middle atacks.

http://sce.uhcl.edu/yang/teaching/csci5234WebSecuritySpring2008/secure%20Sockets%20Layer%20(SSL)%20Man-in-the-middle%20Attack.htm

There is no way to really protect against these type of attacks if you are using a wireless network unless you are using WPA2 with A Radius based encrypted key that changes daily and is longer than 25 characters.

These certs can be just plucked out of the air without you even knowing.
Combining this with cookie stealing and the UNSUB will have your completely handshake to access your account.

Here are some screenshots from the WiFiZoo program available in backtrack
(which is a security based OS currently based on debian)

http://3.bp.blogspot.com/_vZAp7b1QDw8/R3UqV-pkSbI/AAAAAAAAAHw/WIP37zEVo7k/s400/wifizoo.jpg

http://3.bp.blogspot.com/_vZAp7b1QDw8/R3UrI-pkSeI/AAAAAAAAAII/aHSBPIvvgB4/s400/wifizoo1.jpg

Scary stuff.

Report
 
 
xds xds
 
April 23, 2009 08:30 PM
You are very welcome, i would hope in the future that more people get involved in the OpenID project to help keep there information safe without having to sacrifice there personal freedoms or give up anything they don't have to.

And to end the mood I give you cluster one. =P

http://www.youtube.com/watch?v=6b7Jcw4B3hc

Report
 
 

Other Answers (3)

Sort By
pazaq pazaq
 
April 23, 2009 02:33 PM
If there is physical access to your computer & you have something you need/want to protect in that mail account then of course the answer is yes.

I think your talking about a cross site scripting exploit. It happened a long time back and has since been fixed.(And seems to be removed from google's brain.)

If you use firefox and NoScript plug-in such things have no success.

Hope that helps!
Source(s):
Me. I'm in IT. I do this stuff all day.


Helpful Answer?  (3)   (0)   

Helpful: dumblonde, viridicus, interzone

Tip pazaq for this answer
Permalink | Report
   Reply  
 
 
philipy philipy
 
April 23, 2009 07:15 PM
What are the pros and cons of the NoScript plug-in?

Does it disable stuff that you might want to allow as well as exploits?

Report
 
 
pazaq pazaq
 
April 25, 2009 02:16 AM
Yes and No. You can okay an entire site. So if you know a site is safe. IE google.com amazon.com...

But in this case were talking about cross site scripting. If a site employs this I would simply not use it. It's such bad form that they could be causing a problem even if they are not meaning to intentionally.

Report
 
 
dumblonde dumblonde
 
April 23, 2009 02:34 PM
If anything, the security risk is present if you leave it on all day on a computer that other people can access. But if you leave it on all day on your own personal computer in your house or private office, i don't see the problem.
I'm sure the security risk they mean is a stranger getting into your email so it's more who owns the computer and where it is rather than just the sole fact of leaving gmail logged on.

Helpful Answer?  (1)   (0)   

Helpful: interzone

Tip dumblonde for this answer
Permalink | Report
   Reply  
 
 
cypheron cypheron
 
April 23, 2009 02:35 PM
If you leave it open, anyone who can use your computer (either physically or remotely) would have access to your Gmail account. That's the big concern. You shouldn't worry about cross site scripting or similar issues if you use an up to date web browser.

But on a theoretical level, the best security practice is to close it whenever you're not using it. If you have to ask whether or not you need to be "theoretical" about email security, you probably don't.

Helpful Answer?  (1)   (0)   

Helpful: interzone

Tip cypheron for this answer
Permalink | Report
   Reply  
 
 

Answer this Question

How tips and payments work

This question has already been resolved. You may add an answer to it but you will not be eligible to win best answer or any associated tips.

Related Questions

View All Email Questions

Ask a Question


140 characters left
Top of Page
Buy Mahalo Dollars with Credit Card or PayPal

Top Members

This Week All Time
  • buddawiggi
    buddawiggi
    2nd Degree Black Belt
    28354 Points
    M$813.91 Earned
  • opher
    opher
    Purple Belt with a Brown Tip
    5119 Points
    M$210.34 Earned
  • annelisle
    annelisle
    Purple Belt
    3596 Points
    M$110.02 Earned
   See All
 

Most Popular Tags

mahalo(1701)
twitter(965)
music(482)
iphone(476)
google(372)
food(331)
internet(309)
online(303)
beer(282)
money(275)
movies(268)
apple(255)
facebook(245)
aotd(235)
answers(234)
health(224)
video(211)
free(210)
dog(206)
windows(200)
   See All
 

Categories

Welcome New Members


 
 
Mahalo Dollars are the currency of Mahalo Answers.

Each Mahalo Dollar costs $1.

Once you earn more than 40 Mahalo Dollars, you can request to be paid via PayPal. Each Mahalo Dollar is currently worth $0.75 when paid out via PayPal. Learn More

 
 

Please log in to use this function.

Answers Home | Ask a Question | Earn Points | How Tips Work | Widget