14 DAY TRIAL // Gmail, eBay, MySpace, banking sites, social network sites, any site, you just name it?they're all vulnerable. You can get your data phished in a second. It doesn't matter if you have a firewall and an anti-virus; if a hacker really wants to get your data, he will. But that's not the news; it may have been news about a month ago, but the thing is that not even the web giants mentioned in the title fixed the bugs.
Now, let me tell you how this goes: if one hacker uses a plain-vanilla network sniffer to "read" the cookies (I know this sounds stupid, but it's techie tongue) you get from Hotmail for instance he can use them to log in with your data. Of course, I just gave an example, there are plenty more cases in which this works. If you get cookies from a site, then you can be cloned. And this even works with HTTPS. Fortunately, this will only affect you while using Public WiFi, so if you are well protected, using a LAN connection, for instance, than you are not attackable with this method.
In any case, since it has been disclosed, this problem continues to persist. As I've seen on the Register, eBay spokesman Hani Durzy said: "This vulnerability is a well known weakness within the HTTP protocol itself. If the user logs out, it will clear the session. Beyond that, the only thing that can be done about it would be to turn the entire site into SSL - which would be prohibitive on several fronts, including usability."
Google has pretty much filled this hole in the wall, successfully deploying SSL, but Gmail does not use it by default and users have little knowledge that this layer can be enabled. In the meantime, all we can do is wait quietly until they fix it or search the web for programs that may enable SSL on certain sites.