[ale] firefox question

Randy Ramsdell rramsdell at livedatagroup.com
Mon Aug 6 14:31:30 EDT 2007


Greg Freemyer wrote:
> On 8/6/07, Preston Boyington <preston.lists at gmail.com> wrote:
>   
>> Greg Freemyer wrote:
>>     
>>> All,
>>>
>>> With the recent release at Blackhat of the gmail hack:
>>>
>>> I want to configure Firefox (Linux & Windows installs) to not allow
>>> access to http:/mail.google.com, but to allow access to
>>> https://mail.google.com
>>>
>>> Note the http vs. https difference.
>>>
>>> Is this possible in Firefox itself?  I want to avoid using other
>>> infrastructure due to traveling laptops running Windows etc.
>>>
>>>       
>> I am noticing that when I now type www.gmail.com into my browser(s) I am
>> automatically redirected to https:// login.  gmail made adjustments?
>>     
>
> As David said (and I just verified at 1pm):
>
> If you enter: http://gmail.com you get redirected to a secure page for
> login, but back to a normal http page for normal usage.
>
> It is on the normal usage page that the newly released hack works.
>
> OTOH, if you initially enter https://gmail.com, then you stay in
> encrypted pages for the duration of your session and as I understand
> it the new hack fails.
>
> Thus my desire to blacklist http://mail.google.com for all of our
> corporate PCs, etc.
>
> Greg
>   
Why not just firewall that address? Not sure if it gets easier than that
as long as your network is set up with a firewall.



More information about the Ale mailing list