Robert Graham, the CEO of errata security, surprised attendees by hijacking a Gmail session on camera and reading the victim’s email. He went even further by demonstrating the attack to us in person, taking over another journalist’s Gmail account and then sending us sheep-loving emails.
Now you know why it’s dangerous to check your web emails in public hotspot or through open wi-fi connections. You can try https session and only use secure wifi connection to avoid problems.
From the article:
The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion - with a home-grown tool called Hamster.