HTTPS and Google Mail

If you use GMail and you're security conscious then you may have noticed that GMail does not automatically use HTTPS unless you actually type https://mail.google.com.

This has been a big issue that got even worse with the recent DNS vulnerability. It's bad enough that your GMail has always defaulted to an insecure connection, but now with the possibility that you might not even be connecting to GMail because of a poisoned DNS cache it's even worse.

There is now a setting in GMail to set your browser connection to "Always use HTTPS". Go, now, and set it. If you don't take advantage of this you're asking for trouble down the road. It's a small effort for the protection it offers.

No comments: