Jude Britto wrote, [on 10/30/2008 8:27 PM]: > Any requests your browser makes to www.google.com go to their machines > instead which apparently transparently proxy the real www.google.com. > > If you are signed into your google account (gmail), these requests will > include browser cookies that are meant to be shared only with the domain > that issued them (they can be used to spoof you).
I agree that this is a potential issue. However, to make it moot (at least in the case of gmail) one could use only https to access it. [1] [2] Udhay [1] https://mail.google.com/support/bin/answer.py?hl=en&answer=8155 [2] https://addons.mozilla.org/en-US/firefox/addon/6076 -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
