https to protect their gmail sessions from Robert Graham's
"Sidejacking" attackers.
It turns out that independent of Mr. Graham's work, I have also been
investigating these types of attacks as they pertained to users'
safety while they use the Tor network.
As I presented in my Black Hat and DefCon talks on Securing the Tor
Network, it turns out that using https for accessing mail.google.com
is not sufficient to protect you from many "Sidejacking" attacks. The
'GX' authentication cookie for mail.google.com is set to be
>> need more accounts.
>>
>> As the Gmail account creation is a manual process as it needs to pass
>> the captcha. Another limitation is that Google only permits the
>> creation of 10 new accounts creation per day from the same IP address,
>> but using proxies or Tor network would bypass this limitation. Anyway,
>> although the creation of N accounts, those could be used anytime for
>> password cracking accounts.
>>
>> V. BUSINESS IMPACT
>> -------------------------
> need more accounts.
>
> As the Gmail account creation is a manual process as it needs to pass
> the captcha. Another limitation is that Google only permits the
> creation of 10 new accounts creation per day from the same IP address,
> but using proxies or Tor network would bypass this limitation. Anyway,
> although the creation of N accounts, those could be used anytime for
> password cracking accounts.
>
> V. BUSINESS IMPACT
> -------------------------
