A security researcher named Rob Graham has noted that it doesn’t take a lot of effort to disable the safety measure that exists on Google services such as Gmail.
The data that can be gathered from a user include map searches and calendar entries. The vulnerability is about the use of session-IDs on websites after users have logged in.
“If companies do SSL correctly, then you’re safe. The problem with Gmail is it’s not doing SSL correctly. In my experience just using Gmail normally, I’ve seen this happen accidentally,” he said.
A spokeswoman from Google said that their security pros were looking in to his research.
Source: The Register