How Safe is Gmail, Twitter and Facebook? Is HTTPS Safe? We Show You How It Isn’t
By on January 27th, 2011

Hey, isn’t HTTPS the most safe and secure way to access a website? Not exactly, here is where we show how people can use a simple method to crack , and .

hacked

So you think you can’t be hacked? Well, think again, you can be hacked using a simple image and JavaScript on a secure HTTPS. Before I go ahead on this, watch a video below created by our author Amit Banerjee which shows you how vulnerable you are on the Internet.

As you can see from the above video, it is very easy for anyone to know when you are logged into Gmail, Twitter and Facebook without having to place any suspicious code on your PC. All you need to do is visit a website to check whether or not you are logged in on these sites. Your information can be tracked, no matter whether it uses HTTPS or not and whether you visit the website or not.

This is basically very scary because this is a cross-platform hack and is done through a image which is hosted by these services. Though, I do know that on how this is done, I don’t have any solutions to negate this problem right now,  but I am really trying to figure out one. Till then there is nothing you can do about it. Fun right?

I have reached out to Gmail, Facebook and Twitter about this and am awaiting a response. Will update this post once I get one. Till then, you are not safe on the internet.

The hack basically uses the HTTP status code to find out whether you are logged in or not into these services. Since these images are hosted on Gmail, Twitter and Facebook a user basically has to log in to view them, so it becomes easy to figure out when you are logged in or not. If you are curious to see this in action, visit this page.

For more information, check out Hack A Day on how HTTP Status codes can be abused.

(Video and most of the reporting done by Amit Banerjee)

Tags: , ,
Author: Keith Dsouza Google Profile for Keith Dsouza
I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website. I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.

Keith Dsouza has written and can be contacted at keith@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
    Warning: call_user_func() expects parameter 1 to be a valid callback, function 'advanced_comment' not found or invalid function name in /home/keith/techie-buzz.com/htdocs/wp-includes/comment-template.php on line 1694
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN