This is Robert Graham posing with the GMail website open on his laptop.
Rob demonstrated to a live audience how he can successfully hack into web based email programs like GMail, Yahoo Mail! or Hotmail using the IP Address and user name (login) without requiring any password.
Let's not go in the very technical details but he used some sniffing tools called Ferret (to copy the GMail cookies to his computers) and Hamster (to use the cookies in his browser). [Details at ZDNet, TG Daily]
What can you do to prevent someone else from reading your GMail or Yahoo Mail ?
Rob's method works when you are using the HTTP mode to access your email (http://www.gmail.com/). Therefore the trick is to always use Secure Login.
Here's what you can do to safeguard your email in public wi-fi hotspots - use https:// instead of http:// - the entire session will be encrypted and the cloning cookies method will fail:
For GMail: https://mail.google.com/mail/
For iGoogle: https://www.google.com/ig
Alternatively, you can install the CustomizeGoogle extension of Firefox that will always force the SSL mode in GMail incase you forget to manually type the https:// GMail URLs.
Highly recommended also because Customize Google will also encrypt your Google Docs, Google Reader, Google Web History and Google Calendar session incase these Google services share the same cookie with GMail.
For Yahoo! Mail - Check the Secure Mode link that's available just beneath the "Sign In" button.
Related: Recover Yahoo! or GMail Passwords