Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Google Considers Tightening Gmail Security



 By: Brian Prince
2009-06-16
Article Rating:starstarstarstarstar / 6


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Google announces that it may make use of HTTPS the default configuration for Gmail. The move comes after several security and privacy experts sent an open letter to the company urging enhanced protections for Gmail, Google Docs and Google Calendar.

Google officials responded June 16 to calls for better security by announcing that the company is considering turning on HTTPS in Gmail by default for all connections. 

The announcement follows an open letter sent to Google CEO Eric Schmidt by nearly 40 security and privacy experts that urged the search engine giant to enable industry-standard transport encryption technology by default for Gmail, Google Docs and Google Calendar. 

"Google already uses industry-standard Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers' log-in information," the letter stated. "However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar. As a result, Google customers who compose e-mail, documents, spreadsheets, presentations and calendar plans from a public connection (such as open wireless networks in coffee shops, libraries and schools) face a very real risk of data theft and snooping, even by unsophisticated attackers." 

Resource Library:

Click here to read what Google had to say about the security of Google Docs.

In response to the letter, Alma Whitten, a software engineer on Google's Security & Privacy Teams, blogged that the company is planning a trial phase in which the move will be tested on small samples of different types of Gmail users. 

"Unless there are negative effects on the user experience or it's otherwise impractical, we intend to turn on HTTPS by default more broadly, hopefully for all Gmail users," Whitten wrote. "We're also considering how to make this work best for other apps including Google Docs and Google Calendar (we offer free HTTPS for those apps as well)." 

"We know that tens of millions of Gmail users rely on it to manage their lives every day, and we have offered HTTPS access as an option in Gmail from the day we launched," she continued. "If you choose to use HTTPS in Gmail, our systems are designed to maintain it throughout the e-mail sessionnot just at log-inso everything you do can be passed through a more secure connection."

Free, always-on HTTPS is unusual in the e-mail business, Whitten noted, but can help make the Web safer.

"It's something we'd like to see all major Webmail services provide," she wrote. 

In the open letter, the authorswhose backgrounds reach from academia to the research communityoutlined the risks associated with account hijacking and data interception through tools such as packet sniffers. The letter also stated that Google does not do enough to encourage users to enable encryption, and that the "Always use HTTPS" option in Gmail should be extended to Google Docs and Google Calendar as well. 

"We strongly urge you to follow the lead of the financial industry and enable HTTPS encryption by default for the users of Google Mail, Docs and Calendar Given the huge threat posed by identity theft, it is vital that Google take proactive steps to protect its users from these risks," the letter stated.





  Reader Comments: Google Considers Tightening Gmail Security
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xr80VӮc]mT!rYӖT婎PP$$MK;/qؗgLBITϖ˖0$D"w?IturF3k}jxޢ>? ?Xf0TE[ \Ϥ^-Am۟@Ou 5rj9:ruz=>;|9|@D%cjAM&#{Fm_&2z5ܯ3 fE1;FI=Mk9JGD~9K;="?+B⻶eMao}{Xe;'7 )*X^P~D;q #|=x:a/M˟ l׸ڮUX'[vB1BEۺwGդQ@ؓ:IuhmUb'Өbbx#Q^]õ]&\./RF eCwtSƺS]kԏ 1l{`<E9$7 \j?ypȳؖ`>N8CYnհ}=-:Ѝ<8]Ԓ],r,U)0wS&>_ɤ:أZr$˺7h4öCٰ5T:Ԫr\ˇJy/^yxx?X>̾Xip'ZߺJY4E9lwZ9(֝;` nKVa*ڭӛNs#WOw~@.{A~Aw"DT)Jj\(ODCajhZ^HuFFI/j;j9,4E; KHR S$XICF/XTU9Db9i5Ozg򓩥yk\ߴMk^ܴH>߉ekby 1=b Jw"=[WۧKYK;7u")|vg5M0\̱8֪׷V׏`KK'^CM[CyC0-ߕҡ#1t9}nqo]띑]ڗ;Bey#$7{7$̛cM|`I`6L2Xc]NY*E`Kc7I3뾖;j\K=0[-RF ƺJpJq䰉kYSl \o4x M2X U >hI,E[!fTLK$o# ef"`Q%u. '|#8Jn.b? [&gɇfeٜ%YWa.Lo\zFMt;W~j7Ƈ&8^%glh|X.B2iK1.QWG5MGR>MWJPX=.‹ʡb(7ZdL,1,OP7PA^_ςI5tO|BMk6 tI< YC#ʠ:ڴ\Vc4!D& a{4ڭl= KPI}xXOk9LP"wC h&r=kIׇ.[?? { G`r\ɽ5y0+wK@b!(զOCπY\7 >)@}> X9{ݲeǀxԜ/Sx?+1 Lt =JIAL}Nt"BђF 4  gsX"K"''s [AX;;.VKŤ\*1=Ri !KwRKvn KŔ=*%nqR%a 3ʬ$&vφaZLboD6], S m-mu{6 z`Nơ yj尤vQ#U^ğLŝ|CZa3#O̠_#&(2 ɚ)O,ThWf3&ᠺN4Sy%2{B; a3s]etGeܳ%=?P%зJN/ '$50J7nZALM2t͏E=kb$`~f =DwļZB_wAkMtg 7aT5<6D ȸau-`by>dc]Wѹq='aKc:EZ"m˙0/7uX8[͆CBE-Hx ??uPV˿^u3z-6Q? !7ܕVR53]։;lRz||pݑM% Ul RNC(Xk±&>,<<+h0ԁ 0 ~"]lA$>\P`t>* eX) 5*IMxm"`/?ŒbtXQH ]jk{]w+\s~g^l^av"O`%O-p2HU>X}@1Sde`Syt d=*䪢#?݀ΝΟ#Џ]!.~1X A7+(SӞ̥jXX%RO.x[zGcgԿC $rѹm?RdW᧘VQpiϹu2|[\[S Q|7Z0dƏQabX[ T}gzoR.E׌u0ȀN{Wlȡ1p_܏SܷV}uP@& ͳiLl[tܷ p]ozJ~ QB<Z\#h zf[}#}y=%8r zĀİ/h{~UM+%u2YhSIpg#HٚIκVu LلY𫇥*ktݿy j9z{'q7ge _?M] [L4zɖ0g`OO- v uhՂ|ͧ jV-~x4Giwrʣ: ߀&?\qcca#2"_A7_~F8ÄonթrVgPWtZ/3Oiq* ҧ4A̘!YT<F|jb" v}cj&l|l'We7M3*PZJp9փ ` 뼂RUFWӛM U!7TՀN>NGnRH|X%7:iv<$rc-Bdqq#n UbPQKJB'aC:g-& vaN0q܇J3ڛ5^,@M|GZ q4I#⩬y0.Ɨsk' G̦:zfS&t]6 y*1n%vemBX׵I78Cְ CnƝj@iUI+T Z} 2AatA*}7*\FIvSf﩮 Ϛ8A|=f^%5RiEmT)ܓN-ӄ1zAbE-ã,z(d2rY+`7'ʠK= j ;! ]DZq|V n&<1wOX]dK!MWF@"'!Z+3,qvë eVqm^?3Z cS7/ZU{" }M ޟpفbßyc(m'@ϢcY4M}޹Iv2AiNkux렘EeG߫闽,5.aЇߤY_GtL`뇛ǫ3n|hS,/LdNR(1I1>`d˙](bogg 6|v< 2CH4|uNqu%}ڹC|uՔ:'s5B AHև#FW!zN/lfS L k;d8) hdqH15{0LQ5!/ssּĂ! Qל$"j\N3$nPe8^;јW!9²VXHE`&|C Wtrc}E9,{B*q^_6>G2se9^SF(+bK)"$DY \ggM_f|3bt8|Qt"w[5Ho1r!~_!cߗ&8~ ɮPh,Ub:ntD:dNlp l_`ecrg4-3_"TS(-ӤND)fTSeoWXkI)j[YUH*?vƇ)b.̔yxh= ($rD.aC>?V${ݙ8hcIs ذq ;eΫ Pf|vv ,Nݗ>W}>0l{Tѵl s2M c.`p;GR r0x&4lywy#+x~4qjZ9SuSf ˳1q!~xFM>x@uS棏g 95'Ny V:7n^S{20)}~k_; ?-l-8t砖TϏ%ɘNFBAWU-u*lko rY9sJUWVr{ѡhd,#Qd176P2QY:pGҤsÙcmf<ݸw[f1rfio=|} ~ ]=PI=)~=Ғ(r_ZD Nq5Q{qI9.xs?,r`\TzH^8؈ڃ} uUF6m>9-3hL 6;x2oor:߇L?G OFx՛R\6@Id3p l|nwkLRx26y)1h4Rol9lv8W - ֍N 7V9e W_÷zgVy} |x|[v[ o1g&o)#__J;UI26  \AӞ <N~-nɸE'Öx->_'`65hfV،̓uYSbAŇ&Lj3j+dXZ7va`rOwtJÔFbyaph.Ou%`eݦ^зSgg7,Vf"\@+J4Z)1Z/?:]'EGBe&ǻI@Z_͐ɒ O V@/xZ yS+`Kb#&E @[NpmCAŤR0!R^wC YY~`E:ve}KcϝPn:SH,r D:]4 H{IS2GGG_߶o$U4m]YiEVa$YU$L+sfj@b%f9"R{%5BBx(`,*h꩸Ѱߝmɪ\dӺ@H=L19k]K, -w)uҭ׉[NfsX)fKt0<K gт(%Gj,lK6p}6 )ZR, TJOrKjUҴbrAHEBhI`>OL+ gCJdn_J/Ihm7pե3ϵLěj 7aXwjEST& 4i-"@,HfdY Rӱ" ȩ?Giu[2-?KfC=q[naH_3\]Oj5aZU(4l TN R4RL.|.tE$Tԟ %(g'4n&x5-xT%N馸 AU 6j.J-ˀ~8AோJK 䣐RϹa \;f5hq %< U^i){cyi  ]}tO:>Lt˖zԦ4KW>FJqqsCB[L# \oJL(gD̂Jْt;`-?"#5 ;RP.Q }DGKX+%'c)DS[X%3Kׂ.u1n/Y]CQJ@ A +!.#PyK(ꅋaE5@>Nn@J.`} %qC\?ڢ-R CWjavr'10oVt>r*KOOX65GO; 1-G]ߺꖔlr &N].u;Vre@z<,̒mԨI/ʡm2bNT'M-l2:(Uk 3$g& t|FsS[x#Շ(y $[r!"A${‹_H|t-Ga98Hz8y(wwwwk-տL|ef4:jbZN`݉ Aʄp+V?5Ƃe>L~+#%c}N<|`[Ԃe2 x7xj`GΣM#o SNu~=Fo߄.CpGjf_ַ= TR)wiERR / e RYo3{KM`p)7{B)^+(NCT[WpOՁדpNxɡfuC GfHϿՓ˷hNhuIS!*qdyN{mV)Tjhk'1=̺ĵ؆_?NZTˬkru$Q3 ƹ'}e",NkV5P2uaDKop@䂉h =@\/cAp]|@Q{=KG SA鄆ű?yx ^;^ "K&5Dߑy3Mt{iaȰ1fSYh95`!cb9jP]͹OQ. ]ZˣXuZ.{<V@TpkLxpP:qU3HR&kJTH4i``7:oh1 3r3#66j=!vӚ \7j=!vئv̈́󄾋7Zzڝ۳ DU$¹֝UnȓPc-* ;,}}:@% w[K`65~@OR.g@%[5\ 0!X6)lNW-TsZ.Wz`NMOZՔV-`{dsZ|eph|k[#y P=ӂ"QGl;F^*iByS9ih kPх%OZ=ҳ&^|-?(vBAfӓƳ,f' cm5X40Kk q I Dؕ ^Rc$W c - |29a?9f;6vfRj73>^3B{s^?rbSajb +KN,/.^`hKZI<+. NcC1h:';~ GЁHSjX:?K k`\adxd=-]7Tgbaq "hVW1JZ.<_!ƘaX ^DU<11t+P̲jNT]֏pYl@`mļϴ@BSx/ &Gd.$!qs5D; roEVIz# ,@ E슍\agB p՛H%jv/^V <;CyVƞ;콉.n@as>NiD`c$ϾSc~FsCO좺t`9n Os.cٴ}VZ؟ ܰJ7O5t$rkqCL9҄{Zכr0Qݺ ?1f@L-ǤaIAX#hBGH[~gnq79o6-i`IkB\A~cs= xaG 1b10 a9=c1;$_ Xz@0[?ccZ|,{{GǙ;fQ7s o I栋9vqY@y+DD݂`Aa~N­!P)awS0Zof`6u}``EP00a|Lwe~d@Mo?gg:^YSrROmj7^RU8j67a\nq4ħeG:W\=4[E%eFPkFoP[F ߬/?m62;P(GJ/?53Ot}9<?2#\_~/Z[gz,gZWVFv3?C2~oɘ616og33ӆ3lgg賝AȣW2/"P63a~2 *`2d!: _::>o~n2 f fˠ޿_?}}̠OP))c|2w Y@{ f wAI]'Iz|ָƅ)IFy)W?ɠRE৬rXB]gBy<++PA/Үw2 < ?3_u3 ̭LZקBX\jzr+g^61WZ1nvd b}a/ KPe^ٛT2#GPipKxEó##htoĶ.p&}:=WWvl+Jy._[nNJ>S\ȜH8VɴFV !똮9|.y|e8NtGYwU/3i˘Јw;=q*9.n 9#p+U}.nmG;yh#ֽ2b;w K췡\t{zY)W8#~y̞^ Ud٤V`l}Tq8 j5&pJ!J8?0 H-M׳pNeJqbBP[t,xO_ NW镆.1ǽ@;a[@R#l VT+[-WJr= fDDã*R%}e`rX*V&K=3 .=m^d fM-ϡ'!p<@>fJC DK(xYx+cDz_,mBfP6սD<'u~m

? T@| %\6LDR}N0~NZ]v0N9DEP޹!/;vm)fGNFp)N<}q?ڢ uK ğopm.;+CO1ΪTU|>cxH^-7&0&+nOvGD '>6'كl4=`6f@(Fْ[0?Fqo/ASlk 6[ +"ۂ Jmˤ6q¹"UXJٍ ,~:3ΚƝMQh| W9,Bu6 ^|:uOW]Q'FaJ׼t{%!ҮT)Vxz\n2?>Şi3|@ ]( of8`y%K@44 78ǩk[Vmx4;~ݾÀg fkKTg{U\M(X7m-* XGڦZ QaW~nb=/x랉ve+{B70* ]x gWP X-f1!Dv88)ҡCCԞR!e´#T 1L(P,R.גWv!Z~|E>byx Uf}')VS/π.ȟ(3}E.tqea@T,7u{/Kc^ <\FuTO3uG??ot[5ˌhT*.㉋oŧM nғn:Τ4hI:fH]7ZW񲞽Tw r̳p7*Р~oM-jez'14mEgl(3W'JZR۽wNE^'e9PUd%rR⊫+E4>!an؄;66BJF:6L]_[ P>͖+