|
|
|
|
|
|
| Search | ||||||||||||
| Vulnerabilities Alerts | ||||||||||||
|
||||||||||||
| IT Directory | ||||||||||||
|
||||||||||||
 | |
|
2010-05-17 14:56:23 | |
| The search giant announced on their official blog that they will offer an encrypted version of their Web site starting this week. | |
|
Back in January, mostly as a response to Operation Aurora, Google rolled-out HTTPS for each and every Gmail Web mail account, thus ensuring a higher level of security and confidentiality for Gmail users. It is now the turn of Google's flagship product to go secure.
While he has not given much detail about how it will happen and how it will work, Alan Eustace, Senior VP, Engineering & Research at Google, did announce last Friday on his company's official blog that this week they "will start offering an encrypted version of Google Search." Just as it was the case in January, this move happens shortly after a security-related incident involving Google. This time however, the problem did not come from the outside but from a bad piece of code included in the software used by Google's Street View cars. Meant to simply obtain SSID information and MAC addresses as the cars passed by WiFi networks, the software also happened to inadvertently gather "samples of payload data from open (i.e. non-password-protected) WiFi networks." Eustace added: "However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks."He also stressed that the company was busy making sure to properly destroy any data that had been gathered by the Street View cars. It seems like it was a honest mistake on Google's part that prompted them to apply enhanced security measures. Encrypting search data cannot really be anything but an improvement, as it should protect people from disclosing information that could compromise their anonymity: outsiders will not be able to access Google searches when these are encrypted. And as we know, seemingly benign searches can tell a lot about an Internet user. However, an obvious downside is, as it was mentioned in Gmail's HTTPS announcement, the fact that "encrypted data doesn't travel across the web as quickly as unencrypted data," which may result in minor slowdowns. But Google searches are usually performed in fractions of a second so this should be hardly noticeable. Security professionals will certainly agree with Zeljka Zorz of Help-Net Security, who seems rejoiced that "obviously, the time has come when security is starting to be more important than cost or a small increase in waiting time." | |
Reference 1: http://www.net-security.org/secworld.php?id=9299
Reference 4: http://viaroot.com/news/view.php?id=89
No comment on this post.