http://www.thestandard.com/node/111935/comments comments feed. en http://www.thestandard.com/news/2008/08/19/optional-gmail-feature-really-bug-fix <!--paging_filter--><p><!--paging_filter--> <p><!--paging_filter--> </p> <p><img src="/sites/thestandard.com/files/u4993/Gmail_logo.jpg" alt="Gmail logo image" align="left" border="0" height="66" hspace="10" vspace="10" width="143" /></p> <p>Last month, <a href="http://blog.washingtonpost.com/securityfix/2008/07/gmail_gains_two_new_security_f_1.html?nav=rss_blog">Google rolled out an SSL feature</a> for Gmail to thwart an exploit brought to them a year ago and later publicly presented at the recent Defcon conference, <a href="http://www.hungry-hackers.com/2008/08/gmail-account-hacking-tool.html">according to Hacking Truths</a>. There was no announcement for the new feature, and it was offered as an option, which I'm willing to bet was largely ignored. </p> <p>Gmail is a perpetual beta, but should still bear some responsibility for its users' security. If they really did have a year to issue a fix, and left it to an optional &quot;feature&quot; with no explanation to their users, they've pushed that responsibility back to their users without even a basic explanation of the protection it provides. If you click the &quot;<a href="http://mail.google.com/support/bin/answer.py?hl=en&amp;ctx=mail&amp;answer=74765">learn more</a>&quot; link, the text provided by Google actually sounds like it's discouraging users from enabling the feature, stating:</p> <blockquote><p><i>&quot;Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). In addition, it may make Gmail a bit slower. If you trust the security of your network, you can turn this feature off at any time.&quot;</i></p> <p>&nbsp;</p> <p>&nbsp;</p> </p></blockquote> <p><img src="/sites/thestandard.com/files/u4993/GmailSSL_screenshot.jpg" alt="Gmail SSL feature screenshot image" height="55" width="505" /> <br clear="all" /></p> <p><b>More news, commentary, and predictions from <i>The Industry Standard</i>:</b></p> <ul> <li>Prediction: <b><a href="/predictions/gmail-announces-free-unlimited-storage-space">Gmail announces free, unlimited storage space</a></b></li> <li>News: <b><a href="/news/2008/08/13/gmail-outage-provides-weapon-cloud-haters">GMail outage provides weapon for cloud-haters</a></b></li> <li>News: <b><a href="/news/2008/08/12/google-mobile-app-iphone">Google Mobile App for iPhone</a></b></li> <li><b><a href="/news/2008/08/11/picture-gmail-down">Picture this: Gmail is down</a></b></li> </ul> http://www.thestandard.com/news/2008/08/19/optional-gmail-feature-really-bug-fix#comments co:google product:Gmail Software &amp; Web The Industry Standard Wed, 20 Aug 2008 01:55:33 -0400 Cyndy Aleo-Carreira 111935 at http://www.thestandard.com http://www.thestandard.com/news/2008/08/19/optional-gmail-feature-really-bug-fix <!--paging_filter--><p><!--paging_filter--> <p><!--paging_filter--> </p> <p><img src="/sites/thestandard.com/files/u4993/Gmail_logo.jpg" alt="Gmail logo image" align="left" border="0" height="66" hspace="10" vspace="10" width="143" /></p> <p>Last month, <a href="http://blog.washingtonpost.com/securityfix/2008/07/gmail_gains_two_new_security_f_1.html?nav=rss_blog">Google rolled out an SSL feature</a> for Gmail to thwart an exploit brought to them a year ago and later publicly presented at the recent Defcon conference, <a href="http://www.hungry-hackers.com/2008/08/gmail-account-hacking-tool.html">according to Hacking Truths</a>. There was no announcement for the new feature, and it was offered as an option, which I'm willing to bet was largely ignored. </p> <p>Gmail is a perpetual beta, but should still bear some responsibility for its users' security. If they really did have a year to issue a fix, and left it to an optional &quot;feature&quot; with no explanation to their users, they've pushed that responsibility back to their users without even a basic explanation of the protection it provides. If you click the &quot;<a href="http://mail.google.com/support/bin/answer.py?hl=en&amp;ctx=mail&amp;answer=74765">learn more</a>&quot; link, the text provided by Google actually sounds like it's discouraging users from enabling the feature, stating:</p> <blockquote><p><i>&quot;Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). In addition, it may make Gmail a bit slower. If you trust the security of your network, you can turn this feature off at any time.&quot;</i></p> <p>&nbsp;</p> <p>&nbsp;</p> </p></blockquote> <p><img src="/sites/thestandard.com/files/u4993/GmailSSL_screenshot.jpg" alt="Gmail SSL feature screenshot image" height="55" width="505" /> <br clear="all" /></p> <p><b>More news, commentary, and predictions from <i>The Industry Standard</i>:</b></p> <ul> <li>Prediction: <b><a href="/predictions/gmail-announces-free-unlimited-storage-space">Gmail announces free, unlimited storage space</a></b></li> <li>News: <b><a href="/news/2008/08/13/gmail-outage-provides-weapon-cloud-haters">GMail outage provides weapon for cloud-haters</a></b></li> <li>News: <b><a href="/news/2008/08/12/google-mobile-app-iphone">Google Mobile App for iPhone</a></b></li> <li><b><a href="/news/2008/08/11/picture-gmail-down">Picture this: Gmail is down</a></b></li> </ul> http://www.thestandard.com/news/2008/08/19/optional-gmail-feature-really-bug-fix#comments co:google product:Gmail Software &amp; Web The Industry Standard Wed, 20 Aug 2008 01:55:33 -0400 Cyndy Aleo-Carreira 111935 at http://www.thestandard.com http://www.thestandard.com/news/2008/08/19/optional-gmail-feature-really-bug-fix <!--paging_filter--><p><!--paging_filter--> <p><!--paging_filter--> </p> <p><img src="/sites/thestandard.com/files/u4993/Gmail_logo.jpg" alt="Gmail logo image" align="left" border="0" height="66" hspace="10" vspace="10" width="143" /></p> <p>Last month, <a href="http://blog.washingtonpost.com/securityfix/2008/07/gmail_gains_two_new_security_f_1.html?nav=rss_blog">Google rolled out an SSL feature</a> for Gmail to thwart an exploit brought to them a year ago and later publicly presented at the recent Defcon conference, <a href="http://www.hungry-hackers.com/2008/08/gmail-account-hacking-tool.html">according to Hacking Truths</a>. There was no announcement for the new feature, and it was offered as an option, which I'm willing to bet was largely ignored. </p> <p>Gmail is a perpetual beta, but should still bear some responsibility for its users' security. If they really did have a year to issue a fix, and left it to an optional &quot;feature&quot; with no explanation to their users, they've pushed that responsibility back to their users without even a basic explanation of the protection it provides. If you click the &quot;<a href="http://mail.google.com/support/bin/answer.py?hl=en&amp;ctx=mail&amp;answer=74765">learn more</a>&quot; link, the text provided by Google actually sounds like it's discouraging users from enabling the feature, stating:</p> <blockquote><p><i>&quot;Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). In addition, it may make Gmail a bit slower. If you trust the security of your network, you can turn this feature off at any time.&quot;</i></p> <p>&nbsp;</p> <p>&nbsp;</p> </p></blockquote> <p><img src="/sites/thestandard.com/files/u4993/GmailSSL_screenshot.jpg" alt="Gmail SSL feature screenshot image" height="55" width="505" /> <br clear="all" /></p> <p><b>More news, commentary, and predictions from <i>The Industry Standard</i>:</b></p> <ul> <li>Prediction: <b><a href="/predictions/gmail-announces-free-unlimited-storage-space">Gmail announces free, unlimited storage space</a></b></li> <li>News: <b><a href="/news/2008/08/13/gmail-outage-provides-weapon-cloud-haters">GMail outage provides weapon for cloud-haters</a></b></li> <li>News: <b><a href="/news/2008/08/12/google-mobile-app-iphone">Google Mobile App for iPhone</a></b></li> <li><b><a href="/news/2008/08/11/picture-gmail-down">Picture this: Gmail is down</a></b></li> </ul> http://www.thestandard.com/news/2008/08/19/optional-gmail-feature-really-bug-fix#comments co:google product:Gmail Software &amp; Web The Industry Standard Wed, 20 Aug 2008 01:55:33 -0400 Cyndy Aleo-Carreira 111935 at http://www.thestandard.com