Thinky Bits: Not Cloudy Enough

willhains:Williams Hains wrote about his experiences setting up his new iPhone 4S from an iCloud backup.I recently had to get my iPhone 4S replaced at the Genius Bar twice within the space of a week. That’s another story. But it meant that I had to go through the new iPhone set-up process a few times, something that normally I would only do once a year at most.He then writes about how he had to re-enter the account ID and password for all his apps and wonders why developers can’t just store and restore his credentials in iCloud. Could it be that app developers with ID-and-password cloud services just haven’t thought of this? Or is it that the APIs for iCloud are just too hard to use? Or perhaps, because this only happens to people once a year or less on average, developers don’t see it as a big problem?No. Not a good idea. The thought of an app like Instapaper, and Flipboard and Instagr.am etc all storing my Facebook, Twitter or Tumblr userid and password iCloud

How to protect your Gmail account

Enabling HTTPS in Gmail
Enabling SSL in Gmail

Researchers at the at a Defcon hackers’ conference revealed a flaw in the way Google's Gmail handles session cookies. According to the Hacking Truths. web site:

The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID.

However, Google does provide a way to prevent that risk.  Login to your Gmail account and click the Settings link in the upper right hand corner of the page.  At the bottom of that page look for the Browser connection section and make sure that Always use https is enabled.