Here is a demonstration by Sandro Gauci of the Surf Jack attack being performed on Gmail. It also shows how selecting the "always use https" option protects Google's Gmail against this attack.
http://www.net-security.org/secworld.php?id=6408
Also covered on the EnableSecurity blog: http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/