Updated: 8/6/08; 8:49:20 AM

 Wednesday, August 6, 2008

Google Gmail Adds Secure Session Option

Google has plugged one of the biggest security risks associated with using its free hosted Gmail mail service, still in beta after four years. You can now select an option in your account preferences to make every session require an encrypted Web connection. I wrote about a number of Gmail vulnerabilities that researchers had found in "Sidejack Attack Jimmies Open Gmail, Other Services," 2007-08-27.

Gmail requires a secure connection for your login details, regardless of whether or not you start with the secure Gmail site address. However, if you start at the non-secure Gmail site, Google redirects you back to an unencrypted Web connection after login. That's always been a mistake on Google's part because your messages would pass in the clear. The sidejacking attack referenced above also proved that someone could intercept your Google session token and have full access to your Gmail account.

Google explained in its Gmail blog that the service has added a Browser Connection option at the bottom of its Settings > General view that lets you select "Always use https," which is the protocol name for a URL that makes your browser start up an SSL/TLS encrypted connection with a Web server.


The Google blog also noted a link that's now at the bottom of the inbox that provides account activity details, as well as a way to sign out sessions initiated from other machines. In my case, for instance, I see several recent sessions: a browser connection last night from home, and IMAP connections from my iPhone for retrieving recent email automatically. (Google is in the process of rolling this feature out, so it may not appear for you quite yet, as it didn't for Adam Engst.)


These two changes improve Gmail's security dramatically. I recommend you turn on the https setting immediately.
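The post-login downgrade described above can be checked mechanically. The following is an added example, not code from the article or from Google: it walks a constructed redirect chain and reports any https-to-http downgrade and any session cookie a browser would then send in cleartext. The hosts, cookie names and function names are hypothetical.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed redirect chain (not captured traffic): login over https, then a
# redirect back to plain http, as the article describes. Hosts and cookie
# names are hypothetical.
CHAIN = [
    ("https://mail.example/login", ["SESSION=tok123; Path=/; HttpOnly"]),
    ("http://mail.example/inbox", []),
]
# The same flow with every hop on https and the cookie marked Secure.
CHAIN_FIXED = [
    ("https://mail.example/login", ["SESSION=tok123; Path=/; Secure; HttpOnly"]),
    ("https://mail.example/inbox", []),
]

def audit_chain(chain):
    """Return findings for scheme downgrades and cookies sent in cleartext.

    Simplification: cookies are scoped by exact host only; Domain and Path
    matching are ignored.
    """
    findings = []
    jar = {}            # (host, cookie name) -> True if the Secure flag was set
    prev_scheme = None
    for url, set_cookie_headers in chain:
        parts = urlsplit(url)
        host, scheme = parts.hostname, parts.scheme
        if prev_scheme == "https" and scheme == "http":
            findings.append(("downgrade", url))
        if scheme == "http":
            # A browser attaches every non-Secure cookie for this host.
            for (c_host, name), secure in sorted(jar.items()):
                if c_host == host and not secure:
                    findings.append(("cleartext-cookie", name))
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                jar[(host, name)] = bool(morsel["secure"])
        prev_scheme = scheme
    return findings

if __name__ == "__main__":
    for label, chain in (("before", CHAIN), ("always-https", CHAIN_FIXED)):
        print(label, audit_chain(chain))
```
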

 

Copyright © 2008 Glenn Fleishman. TidBITS is copyright © 2008 TidBITS Publishing Inc. If you're reading this article on a Web site other than TidBITS.com, please let us know, because if it was republished without attribution, by a commercial site, or in modified form, it violates our Creative Commons License.

By glenn@tidbits.com (Glenn Fleishman). [TidBITS: Mac News for the Rest of Us]
- Posted by Gary Secondino - 8:48:34 AM - trackback []
 Friday, August 1, 2008

MIT Major Discovery will unleash solar power revolution


MIT Professor Daniel G. Nocera has developed a simple method to split water molecules and produce oxygen gas, a discovery that paves the way for large-scale use of solar power.

I have two words: FREE ELECTRICITY! The world will dramatically change. The USA needs to lead the change.

- Posted by Gary Secondino - 11:23:26 AM - trackback []
 Tuesday, July 22, 2008
 Sunday, March 30, 2008

Come On Everybody Do The Protein Synthesis

What do you get when you combine molecular biology, hippie culture, interpretive dance, and Jabberwocky?

- Posted by Gary Secondino - 11:12:07 AM - trackback []
 Tuesday, January 2, 2007

My New Year's Message

Tomorrow Never Knows: Lyrics, AMG, Wikipedia

Within You Without You: Lyrics, AMG, Wikipedia

- Posted by Gary Secondino - 8:44:38 AM - trackback []
 Friday, December 22, 2006

Early Christmas Gift ZFS

OK, I know it's a total geek thing, but this will make life easier on the administrator and user.
- Posted by Gary Secondino - 8:21:49 AM - trackback []
 Tuesday, November 14, 2006

iTunes' Hidden Features

Many users are surprised to learn that you can address many of iTunes' power-user shortcomings, especially those relating to media and metadata management, via AppleScript. But you don't need to know the ways of AppleScript to take advantage of this functionality; that's where Doug's AppleScripts for iTunes comes in. A labor of love put together by Doug Adams (no, not that Doug Adams), this massive resource serves as a comprehensive repository for iTunes-focused AppleScripts, currently 416 of them. You read that right: there are currently 416 AppleScripts for iTunes on Doug's site; some written by Doug himself, others submitted by readers. It's the Mac OS X Hints, if you will, of iTunes AppleScripts.
- Posted by Gary Secondino - 1:31:36 PM - trackback []