If I were to log in to - let's say - Gmail.com (which uses HTTPS by default), can my login and password be intercepted if I'm on an unencrypted wireless network?
And if I still have the login cookie from a previous session so that I don't have to reenter my login and password, can third parties get access to my account? Is there a distinction between HTTP and HTTPS here?
As long as a man-in-the-middle attack is not in progress (unlikely), your data is secure over https. If you're ultra-paranoid, do what I do and proxy your web browser through an SSH tunnel whenever you're on a non-trusted network.
Yes, one being encrypted via SSL and one not.
In fact, without HTTPS all sort of login forms are unprotected / unsecure. Even with WEP or WPA variants. all sort of wifi traffic encryptions are easily decryptable because they can get everything between you & the remote server without doing nothing on your pc or with any network device that you have used for infrastructure. all packets are in the air coming & going. Any hacker can save them without your information/permission. if you are so paranoid. even HTTPS is not certainly safe for your concerns.
Use your own proxy/tunnel. All hackers will filter packets by what they need. they never save whole traffic. when you type gmail on browser's address bar. it will ask for DNS information of gmail on UDP port 53. that's the trigger when the hacker starts to save the dump. to get rid of all sort of attempts you can only use your proxy. a good OS proxy (eg. proxifier for windows os) with a good proxy/socks server supports nonstandart decryptions (in this case you have to use linux remote machine with SS5 or Danted or any variants.)
(Note 2 Erika, i wrote this as a comment but it's didn't let me to send because of letter limitation)