By Joel Hruska | Published: February 01, 2008 – 12:50PM CT
Graham himself references Google Mail as an example of this problem, but it’s far from the only site affected, and the https:// alternative it offers is still better than what you can get on other sites. Facebook, MySpace, and Yahoo Mail are all affected by the issue, as are other “Web 2.0” sites. Graham implies that the solution to this issue is to encrypt the entire user session, as financial institutions do, rather than only encrypting the login page—but for that to be successful, products like Google Mail obviously can’t drop back into non-SSL mode when attempting to connect.
Graham stops short of saying that Gmail is now a fundamentally insecure product, but the situation as a whole is obviously less than ideal. As wireless use continues to grow, these types of security issues will have to be addressed in all facets of communication—even a handful of major wireless security scares could frighten users.