The good news is that whenever clicking on an email message, or a label, or a directory, the session expires and you get logged off.
The bad news is that people can see emails in your inbox and can see the emails of those who sent you the emails.
K.The Kuwaiti had reported this issue here.
The problem seems to be facing those using FastTelco ISP connection, both home & businesses. Seems like they're using transparent proxies & caching data.
I confirmed it with those who told me about these symptoms, and they were using FT connections.
As for the post at 248AM blog, I don't agree with the suggestions in that post and have posted a correction.
Here's my my take at the issue:
"Tor was abused and embassy information was stolen through it. The same goes for proxies. They're simply someone else's machine.
By the way, even when an ISP is using a cache or a transparent proxy, it should NOT cache SSL (encrypted) pages. It can't. Simply because the session exists between the user (you) and the server (gmail, for example) and the cache server has nothing to see.
Try accessing GMail using this link: https://mail.google.com instead of using gmail.com -- This will work because gmail.com will only use SSL to authenticate then redirect you to your inbox using HTTP, where if you use https://mail.google.com, it will keep the SSL session and log you to your inbox with an encrypted channel.
The same applies for banking sites using SSL."
Update: Tuesday, Feb 19th: According to those who were facing the problems, they have stopped now.
No comments:
Post a Comment