

Android Gmail App: Stealing Emails via XSS - rudenoise
http://spareclockcycles.org/2011/02/11/android-gmail-app-stealing-emails-via-xss/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+spareclockcycles+(Spare+Clock+Cycles)

======
piaskal
"I found the bug on 12/3/2010"

Date format used in US is probably the most unintuitive. At first I read that
as 12 march 2010. Made me think for a moment that it took Google almost a year
to fix it.

~~~
generalk
The US date format isn't unintuitive if you're fluent in colloquial American
english, because that's how we speak dates aloud. You're more likely to hear
"March 12, 2010" than "12 March, 2010" in casual conversation.

That said, I try to stick to 12 Mar 2010 (abbreviated textual month) on the
intertubes in deference to the fact that the rest of the world formats dates
differently, and I find that to be a nice unambiguous middle-ground.

~~~
ZeroGravitas
Which came first though, saying March 12 (or 12th?) or writing 3/12? I'd say
12th of March, but I'm in the UK.

------
mise
Is sending emails through the Android 2.2+ Gmail app "secure" to send over
public Wifi?

~~~
moeffju
As far as I know, Gmail always uses SSL for everything. Even the SMTP
submission is forced-ssl. So it should be safe to use on unsecured networks,
but you can easily verify this with Wireshark or tcpdump.

~~~
tropin
Mmm you should have a different notion of easy, as it would need a network
packet sniffer running in your mobile, testing it with an android emulator in
your computer or being able to run software in your AP.

