gmail security

Discussion in 'Computer Security' started by phwashington@comcast.net, Nov 29, 2006.

  1. Guest

    My company wants is thinking about using gmail for there mail service.
    I remember that a couple of years ago there was an exploit against
    gmail, but since then I haven't been aware of any problems.
    Is gmail any less secure than most ISP's.
    Is there evidence of this, a series of exploits in the last 2 years
    that I haven't heard of.
    , Nov 29, 2006
    #1
    1. Advertising

  2. Zilbandy Guest

    On 29 Nov 2006 00:02:20 -0800, wrote:

    >My company wants is thinking about using gmail for there mail service.
    >I remember that a couple of years ago there was an exploit against
    >gmail, but since then I haven't been aware of any problems.
    >Is gmail any less secure than most ISP's.
    >Is there evidence of this, a series of exploits in the last 2 years
    >that I haven't heard of.


    You can get a domain name with hosting with 50 email addresses and
    several gigabytes of server space for under $10 month. No legitimate
    company should be using a free email service, in these times. Just my
    opinion. If your company has over 50 employees, you certainly
    shouldn't be considering a free service.


    --
    Zilbandy - Tucson, Arizona USA <>
    Dead Suburban's Home Page: http://zilbandy.com/suburb/
    PGP Public Key: http://zilbandy.com/pgpkey.htm
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Zilbandy, Nov 29, 2006
    #2
    1. Advertising

  3. Todd H. Guest

    writes:

    > My company wants is thinking about using gmail for there mail service.
    > I remember that a couple of years ago there was an exploit against
    > gmail, but since then I haven't been aware of any problems.
    > Is gmail any less secure than most ISP's.


    Depends on how you feel about them targeting marketing to you based on
    you and your customer's correspondence. If one day that privacy
    policy changes for gmail, and that information is no longer
    "anonymous" or gets handily sold to third parties, heads will roll,
    and whomever decided "gee, using a free email service with a
    quesitonable privacy policy is a great idea!" might be among the
    first.

    Also, you have to think about the business card aspect. If a
    business isn't stable enough to be using their own domain vs free
    email service, just how legitimate is that business? These are
    questions your customers may ask themselves but never tell you.


    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Nov 29, 2006
    #3
  4. Guest

    Zilbandy wrote:
    > On 29 Nov 2006 00:02:20 -0800, wrote:
    >
    > >My company wants is thinking about using gmail for there mail service.
    > >I remember that a couple of years ago there was an exploit against
    > >gmail, but since then I haven't been aware of any problems.
    > >Is gmail any less secure than most ISP's.
    > >Is there evidence of this, a series of exploits in the last 2 years
    > >that I haven't heard of.

    >
    > You can get a domain name with hosting with 50 email addresses and
    > several gigabytes of server space for under $10 month. No legitimate
    > company should be using a free email service, in these times. Just my
    > opinion. If your company has over 50 employees, you certainly
    > shouldn't be considering a free service.
    >

    Not to advertise for google but they have a new gmail service which
    supports your domain.
    We currently have email hosting service which is a little more
    expensive than the above. Currently their spam filtering is terrible
    and users are complaining about email size limitations.
    >
    > --
    > Zilbandy - Tucson, Arizona USA <>
    > Dead Suburban's Home Page: http://zilbandy.com/suburb/
    > PGP Public Key: http://zilbandy.com/pgpkey.htm
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    , Nov 29, 2006
    #4
  5. In article <>,
    Zilbandy <> wrote:
    >On 29 Nov 2006 00:02:20 -0800, wrote:
    >
    >>My company wants is thinking about using gmail for there mail service.
    >>I remember that a couple of years ago there was an exploit against
    >>gmail, but since then I haven't been aware of any problems.
    >>Is gmail any less secure than most ISP's.
    >>Is there evidence of this, a series of exploits in the last 2 years
    >>that I haven't heard of.

    >
    >You can get a domain name with hosting with 50 email addresses and
    >several gigabytes of server space for under $10 month. No legitimate
    >company should be using a free email service, in these times. Just my
    >opinion. If your company has over 50 employees, you certainly
    >shouldn't be considering a free service.


    IMHO, there's nothing special about free that should automatically
    remove it from any consideration.

    You should look at the various issues involved:

    - reliability of service
    - quality of support
    - ability to meet your needs
    - ability to carry _your_ brand
    - cost

    and make the best overall purchasing decision. Certainly, I don't see
    how a $10/month service with poor reliability is somehow better than a
    free service with high reliability, other things being equal.

    Craig
    Craig A. Finseth, Nov 29, 2006
    #5
  6. In article <>, Todd H. <> wrote:
    > writes:
    >
    >> My company wants is thinking about using gmail for there mail service.
    >> I remember that a couple of years ago there was an exploit against
    >> gmail, but since then I haven't been aware of any problems.
    >> Is gmail any less secure than most ISP's.

    >
    >Depends on how you feel about them targeting marketing to you based on
    >you and your customer's correspondence. If one day that privacy
    >policy changes for gmail, and that information is no longer
    >"anonymous" or gets handily sold to third parties, heads will roll,
    >and whomever decided "gee, using a free email service with a
    >quesitonable privacy policy is a great idea!" might be among the
    >first.


    Of course, many for-pay services effectively have the policy of "we'll
    happily sell your information to anyone with money." Even those that
    don't right now can change their policies at the drop of a hat.

    And which large company is the one that _didn't_ just turn over lots
    of records at the first request?

    I'm not pushing any service or not. I'm just saying that there's
    nothing special about a free service that automatically removes it
    from any consideration.

    Craig
    Craig A. Finseth, Nov 29, 2006
    #6
  7. Guest

    Todd H. wrote:
    > writes:
    >
    > > My company wants is thinking about using gmail for there mail service.
    > > I remember that a couple of years ago there was an exploit against
    > > gmail, but since then I haven't been aware of any problems.
    > > Is gmail any less secure than most ISP's.

    >
    > Depends on how you feel about them targeting marketing to you based on
    > you and your customer's correspondence. If one day that privacy
    > policy changes for gmail, and that information is no longer
    > "anonymous" or gets handily sold to third parties, heads will roll,
    > and whomever decided "gee, using a free email service with a
    > quesitonable privacy policy is a great idea!" might be among the
    > first.
    >


    I already have users moving or forwarding their accounts to yahoo mail.
    Can gmail be much worse?

    > Also, you have to think about the business card aspect.

    gmail is currently advertising the ability to host domains.

    On a regular email account I believe that you can mask the gmail
    account with you business address.

    If a
    > business isn't stable enough to be using their own domain vs free
    > email service, just how legitimate is that business?

    We had an important email from a customer delayed for a couple of days,
    because of the size of the email (14MB). The CEO raised the same
    concerns about our legitimacy-appearance, because of this
    he was having to use or resorting to use yahoo for the correspondence.
    He basically came at me with concerns about my inability to find a
    provider that could better suit his needs. His basis being that yahoo
    and our customer didn't seem to be having a problem with these size
    emails.
    >These are
    > questions your customers may ask themselves but never tell you.
    >
    >
    > Best Regards,
    > --
    > Todd H.
    > http://www.toddh.net/
    , Nov 29, 2006
    #7
  8. Moe Trin Guest

    On 29 Nov 2006, in the Usenet newsgroup alt.computer.security, in article
    <>,
    wrote:

    >Todd H. wrote:
    >> writes:
    >>
    >>> My company wants is thinking about using gmail for there mail service.
    >>> I remember that a couple of years ago there was an exploit against
    >>> gmail, but since then I haven't been aware of any problems.
    >>> Is gmail any less secure than most ISP's.


    Depends on how you define security

    >> Depends on how you feel about them targeting marketing to you based on
    >> you and your customer's correspondence.


    Yeah, people never bother to read all those terms/conditions.

    >> If one day that privacy policy changes for gmail, and that information
    >> is no longer "anonymous" or gets handily sold to third parties, heads
    >> will roll, and whomever decided "gee, using a free email service with
    >> a quesitonable privacy policy is a great idea!" might be among the
    >> first.


    If they are hosting the domain name that has no obvious connection to
    google, that might be tolerable - but some people block all access to
    64.233.160.0/19.

    >I already have users moving or forwarding their accounts to yahoo mail.
    > Can gmail be much worse?


    Is -999 worse than -998? Both are blocked here.

    >> Also, you have to think about the business card aspect.


    You mean "" ? I can't tell you how
    many companies lost any chance of doing business with me (and a number of
    companies I'm aware of) because of the horrible image their domain name
    presented.

    >gmail is currently advertising the ability to host domains.


    Are they also hosting your domain - _directly_ providing you with your
    network connectivity? If so, I hope someone made a full check of what
    mail looks like that comes through their servers.

    >> If a business isn't stable enough to be using their own domain vs free
    >> email service, just how legitimate is that business?

    >We had an important email from a customer delayed for a couple of days,
    >because of the size of the email (14MB). The CEO raised the same
    >concerns about our legitimacy-appearance, because of this
    > he was having to use or resorting to use yahoo for the correspondence.


    1. If your business depends on the timely reception of e-mail, someone
    needs to seriously go back to square one and read the RFCs. 'e-mail' is
    a "best effort" type of service, AND THERE ARE NO GUARANTEES THAT IT WILL
    WORK, never mind arrive at a destination in a reasonable time.

    2. Someone obviously failed to do a "due-diligence" test on selecting
    the mail providers. If that wasn't you, get your resume out on the
    street soonest. If that _was_ you - consider changing careers. Really.

    3. I can understand that there could be problems with mails that big.
    If you are running sendmail, look at /etc/sendmail.cf and see what is
    set for "MaxMessageSize". The default is often one meg. There often is
    a "MinFreeBlocks" setting that impacts mail delivery as well. This is
    true of most MTAs and should be in the documentation.

    > He basically came at me with concerns about my inability to find a
    >provider that could better suit his needs. His basis being that yahoo
    >and our customer didn't seem to be having a problem with these size
    >emails.


    There are something on the order of thirty _thousand_ network providers
    in the United States of America. At the very least, you should be able
    to get connectivity via DSL or Cable from several _local_ providers. As
    this is a business, you should be talking about a business _grade_
    account, and that should allow you to run your own mail servers. If you
    are a mom-and-pop with one IP address, research the providers by searching
    the "news.admin.net-abuse.*" newsgroups. Depending on your business model,
    you may want to have your provider SWIP the IP space to you, and see that
    your IP address is not in a dynamic range if you expect your mail to be
    accepted elsewhere. AS AN EXAMPLE, you're posting from a Road Runner
    address, and if you look it up you find

    [compton ~]$ host 76.185.8.150
    150.8.185.76.IN-ADDR.ARPA domain name pointer cpe-76-185-8-150.tx.res.rr.com
    [compton ~]$

    Hostname contains IP address. Hostname contains "res" suggesting
    "residential" rather than "business" or even "static". Do the "A" and "PTR"
    DNS records match (I don't know - you'd have to check that)? A few minutes
    in the news.admin.net-abuse.blocklisting newsgroup would suggest why this
    would be a really bad address to try to send mail from.

    Old guy
    Moe Trin, Nov 29, 2006
    #8
  9. Guest

    Moe Trin wrote:
    > On 29 Nov 2006, in the Usenet newsgroup alt.computer.security, in article
    > <>,
    > wrote:
    >
    > >Todd H. wrote:
    > >> writes:
    > >>
    > >>> My company wants is thinking about using gmail for there mail service.
    > >>> I remember that a couple of years ago there was an exploit against
    > >>> gmail, but since then I haven't been aware of any problems.
    > >>> Is gmail any less secure than most ISP's.

    >
    > Depends on how you define security
    >
    > >> Depends on how you feel about them targeting marketing to you based on
    > >> you and your customer's correspondence.

    >
    > Yeah, people never bother to read all those terms/conditions.
    >
    > >> If one day that privacy policy changes for gmail, and that information
    > >> is no longer "anonymous" or gets handily sold to third parties, heads
    > >> will roll, and whomever decided "gee, using a free email service with
    > >> a quesitonable privacy policy is a great idea!" might be among the
    > >> first.

    >
    > If they are hosting the domain name that has no obvious connection to
    > google, that might be tolerable - but some people block all access to
    > 64.233.160.0/19.
    >
    > >I already have users moving or forwarding their accounts to yahoo mail.
    > > Can gmail be much worse?

    >
    > Is -999 worse than -998? Both are blocked here.
    >
    > >> Also, you have to think about the business card aspect.

    >
    > You mean "" ? I can't tell you how
    > many companies lost any chance of doing business with me (and a number of
    > companies I'm aware of) because of the horrible image their domain name
    > presented.
    >
    > >gmail is currently advertising the ability to host domains.

    >
    > Are they also hosting your domain - _directly_ providing you with your
    > network connectivity? If so, I hope someone made a full check of what
    > mail looks like that comes through their servers.
    >
    > >> If a business isn't stable enough to be using their own domain vs free
    > >> email service, just how legitimate is that business?

    > >We had an important email from a customer delayed for a couple of days,
    > >because of the size of the email (14MB). The CEO raised the same
    > >concerns about our legitimacy-appearance, because of this
    > > he was having to use or resorting to use yahoo for the correspondence.

    >
    > 1. If your business depends on the timely reception of e-mail, someone
    > needs to seriously go back to square one and read the RFCs. 'e-mail' is
    > a "best effort" type of service, AND THERE ARE NO GUARANTEES THAT IT WILL
    > WORK, never mind arrive at a destination in a reasonable time.
    >
    > 2. Someone obviously failed to do a "due-diligence" test on selecting
    > the mail providers. If that wasn't you, get your resume out on the
    > street soonest. If that _was_ you - consider changing careers. Really.

    There is a strong possibility that the email providers performance has
    changed over
    the past few years. I don't think there is any reason for changing
    jobs or careers here.

    Part of the problem may be with the users. I think a couple of them
    are using their email
    addresses when they register for porn sites, another when he downloads
    free software
    off the internet and another to register for sites that report the
    latest sales ( this one was the
    closest to being job related, the user is in charge of purchasing
    office supplies).
    >
    > 3. I can understand that there could be problems with mails that big.
    > If you are running sendmail, look at /etc/sendmail.cf and see what is
    > set for "MaxMessageSize". The default is often one meg. There often is
    > a "MinFreeBlocks" setting that impacts mail delivery as well. This is
    > true of most MTAs and should be in the documentation.
    >
    > > He basically came at me with concerns about my inability to find a
    > >provider that could better suit his needs. His basis being that yahoo
    > >and our customer didn't seem to be having a problem with these size
    > >emails.

    >
    > There are something on the order of thirty _thousand_ network providers
    > in the United States of America. At the very least, you should be able
    > to get connectivity via DSL or Cable from several _local_ providers. As

    Believe it or not there are still some places where you can't get this.
    Every
    business within a block needing Broadband has either a fractional T1 or
    better.
    Some of the businesses are using dial up.

    > this is a business, you should be talking about a business _grade_
    > account, and that should allow you to run your own mail servers. If you
    > are a mom-and-pop with one IP address, research the providers by searching
    > the "news.admin.net-abuse.*" newsgroups. Depending on your business model,
    > you may want to have your provider SWIP the IP space to you, and see that
    > your IP address is not in a dynamic range if you expect your mail to be
    > accepted elsewhere. AS AN EXAMPLE, you're posting from a Road Runner
    > address, and if you look it up you find
    >
    > [compton ~]$ host 76.185.8.150
    > 150.8.185.76.IN-ADDR.ARPA domain name pointer cpe-76-185-8-150.tx.res.rr.com
    > [compton ~]$
    >
    > Hostname contains IP address. Hostname contains "res" suggesting
    > "residential" rather than "business" or even "static". Do the "A" and "PTR"
    > DNS records match (I don't know - you'd have to check that)? A few minutes
    > in the news.admin.net-abuse.blocklisting newsgroup would suggest why this
    > would be a really bad address to try to send mail from.
    >


    > Old guy
    , Dec 2, 2006
    #9
  10. Moe Trin Guest

    On 2 Dec 2006, in the Usenet newsgroup alt.computer.security, in article
    <>,
    wrote:

    >Moe Trin wrote:


    >> 2. Someone obviously failed to do a "due-diligence" test on selecting
    >> the mail providers. If that wasn't you, get your resume out on the
    >> street soonest. If that _was_ you - consider changing careers. Really.


    >There is a strong possibility that the email providers performance has
    >changed over the past few years. I don't think there is any reason for
    >changing jobs or careers here.


    Watching for mention of the provider or IP range in the Usenet newsgroup
    'news.admin.net-abuse.sightings' (and in the 'news.admin.net-abuse.*'
    hierarchy will avoid a lot of surprises.

    >Part of the problem may be with the users. I think a couple of them
    >are using their email addresses when they register for porn sites,
    >another when he downloads free software off the internet and another
    >to register for sites that report the latest sales ( this one was the
    >closest to being job related, the user is in charge of purchasing
    >office supplies).


    That's a company policy problem, not something that you can control as
    a network administrator. The policy should detail what is allowable use
    of email (which includes the use of the company mail address). (Comment:
    That's why I'm posting from an ISP account and not mentioning the name
    of the company at all.) The third user may or may not be OK - it's
    hard to tell with no details. Obviously the first is not, and the
    second is iffy (not acceptable if the downloads are personal, but may
    be needed if support is required when the stuff is downloaded for
    company use). For the latter, we have special mail accounts that are
    only used for registration purposes.

    >Believe it or not there are still some places where you can't get this.
    >Every business within a block needing Broadband has either a fractional
    >T1 or better. Some of the businesses are using dial up.


    Those with fractional T1 or better shouldn't need to also obtain their
    address space directly from the connectivity provider. In the 1990s, we
    got our connection to the world from BBN, but have had our own direct
    assignment from ARIN since the mid-80s. BBN appeared as the last few hops
    on a traceroute and was advertising our AS number, but that was it. Today,
    DSL can work the same way. As for dialup, yeah - that's a lot more
    difficult.

    Old guy
    Moe Trin, Dec 2, 2006
    #10
  11. warf Guest

    Craig A. Finseth wrote:

    > In article <>,
    > Zilbandy <> wrote:
    >
    >>On 29 Nov 2006 00:02:20 -0800, wrote:
    >>
    >>
    >>>My company wants is thinking about using gmail for there mail service.
    >>>I remember that a couple of years ago there was an exploit against
    >>>gmail, but since then I haven't been aware of any problems.
    >>>Is gmail any less secure than most ISP's.
    >>>Is there evidence of this, a series of exploits in the last 2 years
    >>>that I haven't heard of.

    >>
    >>You can get a domain name with hosting with 50 email addresses and
    >>several gigabytes of server space for under $10 month. No legitimate
    >>company should be using a free email service, in these times. Just my
    >>opinion. If your company has over 50 employees, you certainly
    >>shouldn't be considering a free service.

    >
    >
    > IMHO, there's nothing special about free that should automatically
    > remove it from any consideration.
    >
    > You should look at the various issues involved:
    >
    > - reliability of service
    > - quality of support
    > - ability to meet your needs
    > - ability to carry _your_ brand
    > - cost
    >
    > and make the best overall purchasing decision. Certainly, I don't see
    > how a $10/month service with poor reliability is somehow better than a
    > free service with high reliability, other things being equal.
    >
    > Craig
    >


    Gmail does demand enabling 3rd party cookies sans privacy policy and
    active-X before you can even log in...may or may not matter to you...
    warf.
    warf, Dec 14, 2006
    #11
  12. kurt wismer Guest

    warf wrote:
    [snip]
    > Gmail does demand enabling 3rd party cookies sans privacy policy and
    > active-X before you can even log in...may or may not matter to you...
    > warf.


    facts may or may not matter to you - gmail requires neither 3rd party
    cookies nor active-x...

    --
    "it's not the right time to be sober
    now the idiots have taken over
    spreading like a social cancer,
    is there an answer?"
    kurt wismer, Dec 15, 2006
    #12
  13. warf Guest

    kurt wismer wrote:
    > warf wrote:
    > [snip]
    >
    >> Gmail does demand enabling 3rd party cookies sans privacy policy and
    >> active-X before you can even log in...may or may not matter to you...
    >> warf.

    >
    >
    > facts may or may not matter to you - gmail requires neither 3rd party
    > cookies nor active-x...
    >


    FACTS DO, sarcasm doesn't. I have tried all manner of cookie handling
    methods and unless 3rd party cookies are enabled I get the piss off
    popup. Active-X same deal.
    Enlighten me....
    warf, Dec 15, 2006
    #13
  14. warf wrote:

    > kurt wismer wrote:
    >> warf wrote:
    >> [snip]
    >>
    >>> Gmail does demand enabling 3rd party cookies sans privacy policy and
    >>> active-X before you can even log in...may or may not matter to you...
    >>> warf.

    >>
    >> facts may or may not matter to you - gmail requires neither 3rd party
    >> cookies nor active-x...
    >>

    >
    > FACTS DO, sarcasm doesn't. I have tried all manner of cookie handling
    > methods and unless 3rd party cookies are enabled I get the piss off
    > popup. Active-X same deal.
    > Enlighten me....


    You should do so. I have Mozilla Seamonkey 1.05 running with no Active-X
    support, and it works fine. However, the Active-X plugin doesn't work
    anyway, so how did you make it run? It doesn't even work on Mozilla 1.7.14,
    not to mention Firefox 2.0.

    And of course, no cookies with domain attribute (goes that's what you meant
    with "3rd party") or even permanent.

    At any rate, why do you want to use the web interface to access Gmail?
    AFAIK is supports POP3.
    Sebastian Gottschalk, Dec 15, 2006
    #14
  15. warf Guest

    Sebastian Gottschalk wrote:
    > warf wrote:
    >
    >
    >>kurt wismer wrote:

    snip...
    >>[snip my fained outrage]. I have tried all manner of cookie handling
    >>methods and unless 3rd party cookies are enabled I get the piss off
    >>popup. Active-X same deal.
    >>Enlighten me....

    >
    >
    > You should do so. I have Mozilla Seamonkey 1.05 running with no Active-X
    > support, and it works fine. However, the Active-X plugin doesn't work
    > anyway, so how did you make it run? It doesn't even work on Mozilla 1.7.14,
    > not to mention Firefox 2.0.
    >
    > And of course, no cookies with domain attribute (goes that's what you meant
    > with "3rd party") or even permanent.


    Correct, 3rd party seems to imply 'cookie sent to and read from location
    other than who you think you are connected to [google.com] And
    persistent is permanent...they never expire.

    >
    > At any rate, why do you want to use the web interface to access Gmail?
    > AFAIK is supports POP3.


    Correct you are. I actually gave up on gmail long ago and use it only
    for a throwaway email when i have to register somewhere for access.

    RE pop3, I forgot about that... I don;t know if 3rd party cookies are
    required and active-x would not likely be necessary.
    You saw it here first "I'm sorry".

    I was so put off by the scanning and archiving and 'sharing' of content
    that I gave up....even though i had no criminal intent.
    Warf.
    warf, Dec 15, 2006
    #15
  16. warf wrote:

    > Correct, 3rd party seems to imply 'cookie sent to and read from location
    > other than who you think you are connected to [google.com]


    No. "3rd party" cookies means that no cookie is allowed to enable
    referencing to other website. That means, when you go on google.com,
    normally only the cookie for google.com is accessed and transmitted only to
    google, not any other including sites, and neither can they set any
    cookies. However, google.com may allow the google.com cookie to be sent to
    these other sites, via the 'domain' attribute inside the cookies.

    > And persistent is permanent...they never expire.


    Sorry, but that's nonsense. From the view of the server, the actual
    expiration of the cookie at the client side is transparent, thus he cannot
    tell whether you will actually keep it after closing the browser or not, or
    just if you delete it even earlier.

    > Correct you are. I actually gave up on gmail long ago and use it only
    > for a throwaway email when i have to register somewhere for access.


    E.h.. isn't this what Hotmail was normally good for? :)

    > RE pop3, I forgot about that... I don;t know if 3rd party cookies are
    > required and active-x would not likely be necessary.


    Cookies are only useful in context of HTTP sessions - POP3 is a completely
    different protocol.
    Sebastian Gottschalk, Dec 15, 2006
    #16
  17. Arthur T. Guest

    In Message-ID:<WhBgh.66524$YV4.60179@edtnps89>,
    warf <> wrote:

    >Correct you are. I actually gave up on gmail long ago and use it only
    >for a throwaway email when i have to register somewhere for access.


    I found SpamGourmet for such. http://www.spamgourmet.com

    No relationship with them except as a happy user.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position
    Arthur T., Dec 15, 2006
    #17
  18. kurt wismer Guest

    warf wrote:
    > kurt wismer wrote:
    >> warf wrote:
    >> [snip]
    >>
    >>> Gmail does demand enabling 3rd party cookies sans privacy policy and
    >>> active-X before you can even log in...may or may not matter to you...
    >>> warf.

    >>
    >>
    >> facts may or may not matter to you - gmail requires neither 3rd party
    >> cookies nor active-x...
    >>

    >
    > FACTS DO, sarcasm doesn't. I have tried all manner of cookie handling
    > methods and unless 3rd party cookies are enabled I get the piss off
    > popup. Active-X same deal.
    > Enlighten me....


    i've had 3rd party cookies disabled in firefox for quite some time and
    firefox doesn't even support active-x so when i access gmail with
    firefox it is doing so without either of those things...

    frankly, i'm not even sure what 3rd party cookies would be applicable
    for gmail since they do all their own ads...

    --
    "it's not the right time to be sober
    now the idiots have taken over
    spreading like a social cancer,
    is there an answer?"
    kurt wismer, Dec 16, 2006
    #18
  19. warf Guest

    Sebastian Gottschalk wrote:
    > warf wrote:
    >
    >
    >>Correct, 3rd party seems to imply 'cookie sent to and read from location
    >>other than who you think you are connected to [google.com]

    >
    >
    > No. "3rd party" cookies means that no cookie is allowed to enable
    > referencing to other website. That means, when you go on google.com,
    > normally only the cookie for google.com is accessed and transmitted only to
    > google, not any other including sites, and neither can they set any
    > cookies. However, google.com may allow the google.com cookie to be sent to
    > these other sites, via the 'domain' attribute inside the cookies.


    I think this is either a semantic thing or a language issue....[And I
    mean no disrespect by 'the language thing' since my german is limited to
    a few curse words and salutations]
    I think i mean the same thing, 3rd party means cookies set by a location
    other than Gmail [gmail.goggle.com]


    >
    >>And persistent is permanent...they never expire.

    >
    >
    > Sorry, but that's nonsense. From the view of the server, the actual
    > expiration of the cookie at the client side is transparent, thus he cannot
    > tell whether you will actually keep it after closing the browser or not, or
    > just if you delete it even earlier.


    Again, I mean 'they don;t expire on your computer', [not the server]
    unless you delete them from the cookies folder.

    .....snip
    > Cookies are only useful in context of HTTP sessions - POP3 is a completely
    > different protocol.


    I do stand corrected..I am treading on thin ice which is why i have
    stopped by this NG...to learn mostly.
    Warf

    PS. Again no disrespect, but the Germanic people I know [Dutch, German,
    Swiss] tell me that metaphoric humour is more of an Anglo thing...so
    maybe my sardonic and whimsical comments are taken literally???
    warf, Dec 16, 2006
    #19
  20. warf wrote:

    > Again, I mean 'they don;t expire on your computer', [not the server]
    > unless you delete them from the cookies folder.


    Well, then it's solely your fault, for the technical reasons mentioned.

    > PS. Again no disrespect, but the Germanic people I know [Dutch, German,
    > Swiss] tell me that metaphoric humour is more of an Anglo thing...so
    > maybe my sardonic and whimsical comments are taken literally???


    Beside the obvious humour involved, you really sound a bit whimsical. After
    all, it seems like you have somewhat big misconceptions about the protocols
    and mechanisms involved.
    Sebastian Gottschalk, Dec 16, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    576
    COMSOLIT Messmer
    Sep 5, 2003
  2. kritaly

    gmail blocks .rar files from non-gmail address

    kritaly, Aug 17, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    3,673
    Barry OGrady
    Aug 18, 2005
  3. Ramkumar

    Accessing GMail account from GMail Groups

    Ramkumar, Sep 25, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    3,680
    Mike Easter
    Sep 25, 2005
  4. =?utf-8?B?4oyhzpjilZHilZfiiKk=?=

    gmail security feature

    =?utf-8?B?4oyhzpjilZHilZfiiKk=?=, Feb 14, 2007, in forum: Computer Support
    Replies:
    6
    Views:
    503
    The Old Sourdough
    Feb 15, 2007
  5. thing
    Replies:
    6
    Views:
    1,041
    thing
    Dec 1, 2004
Loading...

Share This Page