Tuesday, July 10, 2007

Secure the Gmail notifier on OS X

This was found on macosxhints.com via digg.com:

I was shocked to discover that the Gmail Notifier, as distributed by Google, defaults to sending your Gmail password over the network in clear text every time it checks your inbox for new mail. This is incredibly insecure, especially since Google has plenty of smart people who now how to secure internet communication. They have the capability to enable secure communication as proven by the ability to access Gmail entirely over HTTPS (by using https://mail.google.com as the entry point). As it turns out, there is an easy "hack" for Mac users to switch Gmail notifier to HTTPS as well:

Pull down the Notifier menu (either Calendar or Gmail), hold down Command and Option, and click Preferences on the menu. You’ll see a hidden settings editor. Enter SecureAlways in the Key field (upper and lower case must be entered as shown) and 1 in the Value field, then click Set. Quit Notifier and start it up again. From now on, all connections with both Gmail & Gcal will be https. Thanks to this comment on the O'Reilly blogs for this trick!

No comments: