[Edit: I invite anyone reading this to dig through the comments for good ancillary advice, and some insightful commentary from fxchip]
Hello, folks--earlier this month, at a well-known conference, there was announced a tool that can hack into any GMail account, regardless of how good your password is, as long as the data is flitting around unencrypted.
That's bad, m'kay?
Google has always had it so that your login credentials flit around encrypted, but once that's done, it drops you to an unencrypted session (for long reasons that work out to "it's cheaper that way" for several kinds of "cheaper"). This will leave you quite open to this tool when it's released into the wild at the end of the month.
However, there's help! Google has just made it so that you can choose to have all your GMail traffic encrypted, and I would recommend this to any GMail user, even if you think "oh, my e-mail isn't that important". It's really easy to fix this. Actually, they should fix the dodgamn underlying bug, but leaving that aside for now, here's what you can do:
Simply log into GMail, and click on the Settings link over in the top right corner. At the bottom of this screen is a section labelled "Browser Connection", which by default is set to "Don't always use https". Change this to "Always use https", then click the "Save changes" button directly below. That "should" keep you safe from people using this fascinating new toy.
Enjoy!
-- Lorrie