On Feb 4, 2008 9:00 PM, Micah DesJardins <[EMAIL PROTECTED]> wrote: > If you use > > https://mail.google.com > > instead of http://mail.google.com it remains encrypted after you log in.
This is not necessarily true. There have been attacks in which Google session ids can be compromised if for a time HTTPS is disrupted. Google then attempts to utilize the non-https session and exposed the id, which can then be used to log into the account without a user/pass combo... -- Kristian Erik Hermansen "Know something about everything and everything about something." --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
