A few weeks ago, Google introduced a new feature that allows you to set your Gmail account to always use SSL, not just when you’re logging in.

Like most folks, I didn’t think much of it.  However, a new vulnerability has been discovered that can hijack your account if you’re not using full-time SSL.

While this situation is making Gmail look bad, Google is really looking pretty good.  This specific hack is Gmail-only, but a similar hack could be built for Yahoo mail, Hotmail, etc.  The big difference is that Gmail offers full-time SSL, while the others don’t.

To turn this feature on in Gmail, simply go to [settings], then choose “Always use https” at the bottom of the page (be sure to  [Save Changes]).  It’s quite simple.

The tool to execute this hack will be released in two weeks

, though others may be working on it already.  I’d suggest you make that small change to your Gmail settings right now.