[ale] firefox question

Greg Freemyer greg.freemyer at gmail.com
Mon Aug 6 12:52:49 EDT 2007


On 8/6/07, Preston Boyington <preston.lists at gmail.com> wrote:
> Greg Freemyer wrote:
> > All,
> >
> > With the recent release at Blackhat of the gmail hack:
> >
> > I want to configure Firefox (Linux & Windows installs) to not allow
> > access to http:/mail.google.com, but to allow access to
> > https://mail.google.com
> >
> > Note the http vs. https difference.
> >
> > Is this possible in Firefox itself?  I want to avoid using other
> > infrastructure due to traveling laptops running Windows etc.
> >
>
> I am noticing that when I now type www.gmail.com into my browser(s) I am
> automatically redirected to https:// login.  gmail made adjustments?

As David said (and I just verified at 1pm):

If you enter: http://gmail.com you get redirected to a secure page for
login, but back to a normal http page for normal usage.

It is on the normal usage page that the newly released hack works.

OTOH, if you initially enter https://gmail.com, then you stay in
encrypted pages for the duration of your session and as I understand
it the new hack fails.

Thus my desire to blacklist http://mail.google.com for all of our
corporate PCs, etc.

Greg
-- 
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com



More information about the Ale mailing list