Google Blogoscoped

Google Account Phishing Vulnerability

Hong Xiaowan [PersonRank 10]

Tuesday, August 7, 2007
16 years ago, 5,710 views

I only visit trusted sites. And I use another computer to visit new sites.

Haochi [PersonRank 10]

16 years ago

This is so old, I can't believe Google still hasn't got that fixed.
The keywords are: redirect and escape. :D

TOMHTML [PersonRank 10]

16 years ago

Just as news I recently read: "hackers can hack your gmail account"... yeah, only if you use a public wifi network and if you don't encrypt the data. Biased news sucks.

Philipp Lenssen [PersonRank 10]

16 years ago

Uhm, Tom, what is biased about news that tells people of a security issue that needs public wifi as context? I for one was happy to have heard that wifi news because I wasn't aware of this (and contacted the security expert who came up with the hacking tools for it for some reporting, though he hasn't responded yet).

TOMHTML [PersonRank 10]

16 years ago

Biased news because of media which aren't really specialists in technology, so they hear once that Gmail has been hacked, so they publish "there is a big flaw in Gmail" and they want to make people afraid. "If a hacker did that with an account, every hacker on Earth can/will do that with your account." I don't like that.

Philipp Lenssen [PersonRank 10]

16 years ago

Ah OK. I read it at BBC I think which had got the details right (I think!)...

What I think makes sense is to point out what someone else can do once they've got your Google Account password. Because that scope is just immense. No need to be scared, but it makes sense to be cautious.

I wonder if people here log in to Google when they're in an internet cafe, on some computer they don't know?

Rohit Srivastwa [PersonRank 10]

16 years ago

Philipp,
here is the detailed news, with screenshots to describe it:
http://blogs.zdnet.com/Ou/?p=651

TOM is right, it's not a Gmail vulnerability, it's the way the media attracts traffic. This thing can be used to steal the password/session of any website (Gmail included).

In his blog the tool author has mentioned that Salesforce is one of the websites which is safe from such attacks.

Stephan Locher [PersonRank 9]

16 years ago

What I don't get with all these potential issues:
Why is there no log available to me, showing me when I have logged in successfully the last couple of times? With this simple method you don't have more security in the first place, but at least you are able to notice that someone has stolen your password, and change it on your Google account and the hundred other sites where you use the same password ;-)

Btw. does anyone know why http*s*://mail.google.com redirects to http://mail.google.com after logging in?

Philipp Lenssen [PersonRank 10]

16 years ago

Here's an interesting phishing attempt, though this one is very obvious:

http://blogoscoped.com/files/gmail-phishing-2007.png

[Thanks Hanan C.!]

Rohit Srivastwa [PersonRank 10]

16 years ago

@Stephan

I remember that redirection issue you brought up. But today when I tried again, it's not redirecting me to the non-SSL page after logging in.
Seems like Google has made this change recently.

Veky [PersonRank 10]

16 years ago

> does anyone know why http*s*://mail.google.com redirects to http://mail.google.com after logging in?

I think I know (or at least I hope). Because Google doesn't want to create a false sense of security. Your Gmail password is one thing, but the mails themselves are not secure, and cannot be with the current infrastructure.

Martin Porcheron [PersonRank 10]

16 years ago

> does anyone know why http*s*://mail.google.com
> redirects to http://mail.google.com after logging in?

It works correctly for me (https -> https) – I'm in the UK.

Tony [PersonRank 0]

16 years ago

Another site which seems to be phishing for your Google password.
Added spaces so that no one clicks it by mistake:

http:// orkutverification.awardspace.com/ orkut.htm

Haochi [PersonRank 10]

16 years ago

> does anyone know why http*s*://mail.google.com
> redirects to http://mail.google.com after logging in?

When you sign in, it's always https, regardless of what you typed. So make sure to change your bookmark to https://mail.google.com (or keep the habit of typing https://).

[Link formatting fixed – Tony]
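Since the thread keeps returning to whether the post-login redirect lands on http://, here is an added example (my own, not code from this forum, from Google or from the ZDNet article) that audits a recorded redirect chain for the two things that matter on a public wifi network: an https-to-http downgrade, and a session cookie set without the Secure attribute, which a browser will then send in clear text on the first http:// request to that host. The hostnames, cookie name and hops are constructed for the example.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlparse
# Constructed sample (not a real Gmail capture): an HTTPS login that sets a
# session cookie without the Secure attribute, then redirects to plain http.
# Each hop is (request_url, response_status, [(header_name, header_value), ...]).
LEAKY_CHAIN = [
    ("https://mail.example.test/login", 302,
     [("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
      ("Location", "https://mail.example.test/auth?ok=1")]),
    ("https://mail.example.test/auth?ok=1", 302,
     [("Location", "http://mail.example.test/inbox")]),
    ("http://mail.example.test/inbox", 200, []),
]

# The same flow done right: Secure cookie, and the session stays on https.
FIXED_CHAIN = [
    ("https://mail.example.test/login", 302,
     [("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly"),
      ("Location", "https://mail.example.test/inbox")]),
    ("https://mail.example.test/inbox", 200, []),
]

def audit_chain(chain):
    # Returns findings for a post-login redirect chain, in hop order.
    findings = []
    insecure = {}  # cookie name -> host it was set for (cookies lacking Secure)
    for url, _status, headers in chain:
        u = urlparse(url)
        # A plain-http request to a host holding a non-Secure cookie: the browser
        # attaches that cookie, so it crosses the network in clear text.
        if u.scheme == "http":
            for cname, host in insecure.items():
                if host == u.hostname:
                    findings.append(f"cookie {cname} sent in clear to {url}")
        for name, value in headers:
            if name.lower() == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for cname, morsel in jar.items():
                    if not morsel["secure"]:
                        insecure[cname] = u.hostname
                        findings.append(f"cookie {cname} set without Secure at {url}")
            elif name.lower() == "location":
                target = urlparse(value)
                # Relative Locations keep the current scheme, so only an absolute
                # http:// target counts as a downgrade from an https:// hop.
                if u.scheme == "https" and target.scheme == "http":
                    findings.append(f"downgrade redirect: {url} -> {value}")
    return findings
```

Feed it the hops you record from a browser's network log (request URL, status and response headers) to see whether a login flow ever steps off https with the session cookie in tow.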
