Recent research suggests the popular web based websites, Microsoft Hotmail, Yahoo Mail, Facebook, and MySpace should look at introducing Hypertext Transfer Protocol Secure (https) on all sessions not just using encryption to mask login information.
Google does offer HTTPS on the login information but the default web sessions are not encrypted, leaving users sessions open to “session hacking”. It does however offer an “Always On” HTTPS option for Google GMail, but not by default. You also need to know where to find this option. One of the possible reasons for not offering “HTTPS” by default, is the affect it would have on the performance of Google’s servers.
We think that you should have a secure connection! So, just for you, here is how you can enable the “Always On” HTTPS option in Google Mail:
Remember, it isn’t that difficult to hijack sessions on any cookie-based web application. A hacker only needs an IP address to hijack popular webmail programs like Microsoft Hotmail and Yahoo! Mail and then someone has access to your personal emails – they can even read and send emails, copy or delete your contacts and more… you have been warned!
Safe surfing folks!