Hacking into a Gmail account proves to be an easy thing. Robert Graham (CEO of Errata Security) gave a demo of it at Black Hat 2007 yesterday using an unprotected Wi-Fi hotspot. The tools he used: nothing but two scripts called Ferret and Hamster.
Basically, he used Ferret to capture session IDs and cookies from the victim’s web browser session over the Wi-Fi signal, and used Hamster to clone those session IDs and cookies. The cloned web identity was then used to gain full read/write access to the Gmail account. The scary part of it all is that one doesn’t need to be a super programmer to hack into an email system; just knowing how to use the scripts would be enough. The term "script kiddies" comes to mind.
It just shows how aware you should be of potential exploits within email. George Ou from ZDNet posted a good article on security steps to safeguard yourself when using email. You should know, however, that nothing is ever 100% hacker-proof, and to think otherwise would be foolish.
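The attack above works only when session cookies cross the network unencrypted, so a site operator can audit which cookies are exposed that way. The following is an added example, not part of the original post or of Ferret or Hamster; the host, cookie names and function names are constructed for illustration. It flags any cookie that was set over plain HTTP or lacks the `Secure` attribute, which tells the browser to send the cookie only over HTTPS.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs

def cleartext_exposed(responses):
    """Map cookie name -> reasons it can cross an open network unencrypted."""
    findings = {}
    for url, headers in responses:
        over_tls = urlsplit(url).scheme.lower() == "https"
        for header in headers:
            if not header.strip():
                continue  # ignore empty header values
            name, attrs = parse_set_cookie(header)
            reasons = []
            if not over_tls:
                reasons.append("set over plaintext HTTP")
            if "secure" not in attrs:
                reasons.append("no Secure attribute")
            if reasons:
                findings.setdefault(name, []).extend(reasons)
    return findings

# Constructed sample responses (hypothetical host and cookie names).
SAMPLE = [
    ("https://mail.example.test/login", [
        "SID=abc123; Path=/; Secure; HttpOnly",
        "PREFS=lang-en; Path=/; Expires=Wed, 01 Aug 2007 10:00:00 GMT",
    ]),
    ("http://mail.example.test/inbox", [
        "TRACK=xyz; Path=/; Secure",
    ]),
]

if __name__ == "__main__":
    for name, reasons in cleartext_exposed(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```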