Your Google Passwords can be popped if you “Remember me”

A pretty interesting post on how Google accounts like Orkut or even Gmail can be popped if you check the Remember Me check box, even by mistake, when you log in.

Here is how it works:

  • A user has used the Remember Password feature on any computer at a cybercafe, or on a shared computer at home.
  • I can double-click on the text box that asks for the username and select any of the saved usernames. As it remembers your password, it will appear there.
  • Now, I definitely cannot see your password this way, but this is what I will do to see it:

Type this in the address bar and hit Enter:

https://www.google.com/accounts/ServiceLoginBox?service=orkut&nui=2&uilel=1&skipvpage=true&continue=https%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26page%3Dhttp%253A%252F%252Fwww.orkut.com%252FHome.aspx&followup=https%3A%2F%2Fwww.orkut.com%2FGLogin.aspx&hl=en-US

Next, select the username, and the password again shows up in the box as dots or *. Now type this in your address bar and hit Enter, and you will see the password getting displayed.

It is probably the user's fault for using the “Remember me” feature, but I was guessing the password gets encrypted as soon as we type it, but no. It must be getting encrypted only when it is sent to Google's servers.

This is definitely a bug and should be resolved by them. Encrypting at this level won't be difficult. You can read Atul’s post for images and much more detail at Hacking social networking users account.

2 COMMENTS

  1. Encryptions never happen on the client side and they can only happen on the server side… this is not a bug… Why should encryption happen on the client side? What purpose does it serve?

    However, HTTPS is a secured way of connecting to Gmail, as I posted recently.

  2. Hey!
    I think something is missing after this line.

    Now type this in your address bar and hit enter and you will see the password getting displayed.
