Warning of webmail wi-fi hijack (BBC)

Using public wi-fi hotspots has got much riskier as security experts unveil tools that nab login data over the air.

Demonstrated at the Black Hat hacker conference in Las Vegas, the tools make it far easier to steal account details, said Robert Graham of Errata Security.

Identifying files called cookies are stolen in the attack which let hackers pose as their victim.

This gives attackers access to mail messages or the page someone maintains on sites such as MySpace or Facebook.

Hacker gathering

Prior to the demonstration, which involved the live hijacking of a Google mail account (GMail), many sites were thought to be safe because they encrypted the data swapped back and forth when people login.
***
more: http://news.bbc.co.uk/2/hi/technology/6929258.stm

PC media players have significant vulnerabilities that could be exploited by hi-tech criminals.

The loopholes could be used to attach malicious programs to music or video downloads in order to hijack a PC. ....

===============================

By law, software must have, built in, a means for law enforcement to access computers. How many people have that info?

Merely 'safe enough'.

Many sites drop out of SSL after authentication. This is security suicide. This has always been known.
Trusting that if the cookie is present means you're ok is bad. Known for a while as well.

It should also be noted that 100% safe requires more than SSL, more than mere session verification, more than mere IP verification. If anyone is interested in reading more I suggest you read the OWASP guide to see just how much is involved in making a site secure. It's a lot.