|
|
|
Google Considers Tightening Gmail Security
By: Brian Prince
2009-06-16
Article Rating: / 6
There are 0 user comments on this Network Security & Hardware story.
Google announces that it may make use of HTTPS the default configuration for Gmail. The move comes after several security and privacy experts sent an open letter to the company urging enhanced protections for Gmail, Google Docs and Google Calendar.Google officials responded June 16 to calls for better security by
announcing that the company is considering turning on HTTPS in Gmail
by default for all connections.
The announcement follows an open
letter sent to Google CEO Eric Schmidt by nearly 40 security and privacy
experts that urged the search engine giant to enable industry-standard
transport encryption technology by default for Gmail, Google Docs and
Google Calendar.
"Google already uses industry-standard Hypertext Transfer Protocol
Secure (HTTPS) encryption technology to protect customers' log-in information,"
the letter stated. "However, encryption is not enabled by default to
protect other information transmitted by users of Google Mail, Docs or
Calendar. As a result, Google customers who compose e-mail, documents,
spreadsheets, presentations and calendar plans from a public connection (such
as open wireless networks in coffee shops, libraries and schools) face a very
real risk of data theft and snooping, even by unsophisticated attackers."
Click here to read what Google had to say
about the security of Google Docs.
In response to the letter, Alma
Whitten, a software engineer on Google's Security & Privacy Teams,
blogged that the company is planning a trial phase in which the move will
be tested on small samples of different types of Gmail users.
"Unless there are negative effects on the user experience or it's
otherwise impractical, we intend to turn on HTTPS by default more broadly,
hopefully for all Gmail users," Whitten wrote. "We're also
considering how to make this work best for other apps including Google Docs and
Google Calendar (we offer free HTTPS for those apps as well)."
"We know that tens of millions of Gmail users rely on it to manage
their lives every day, and we have offered HTTPS access as an option in Gmail
from the day we launched," she continued. "If you choose to use HTTPS in Gmail, our systems are
designed to maintain it throughout the e-mail sessionnot just at log-inso
everything you do can be passed through a more secure connection."
Free, always-on HTTPS is unusual in the e-mail business, Whitten noted, but
can help make the Web safer.
"It's something we'd like to see all major Webmail services provide,"
she wrote.
In the open letter, the authorswhose backgrounds reach from academia to the
research communityoutlined the risks associated with account hijacking and
data interception through tools such as packet sniffers. The letter also stated
that Google does not do enough to encourage users to enable encryption, and
that the "Always use HTTPS" option in Gmail should be extended to
Google Docs and Google Calendar as well.
"We strongly urge you to follow the lead of the
financial industry and enable HTTPS encryption by default for the users of
Google Mail, Docs and Calendar Given the huge threat posed by identity theft,
it is vital that Google take proactive steps to protect its users from these
risks," the letter stated.
|
|
�������x}r㶲s\@♵MR-b[^f&uT� I)'ˮ��O7�t%_&3S%�l�h|Gλ�$i9cr3ݩk��j.w߽�!�[f8i�TE[�]ߤ~�Am;t� =4mFNHB��~}@~sfw��D%x�_'Щ�ѩ&wɄZIК�ؕ>}~qlv�.pvLQ�m/5x�uGpnFA|�Qχu)t�(D>-Dm:\'���ߣ*C7�ݩx8/DeO�HYɼ�M"h4"j�>wn3�w23���X]~�D4��ڮq�8]�b'*#O^3j�c㥨�H�aP`\ 9t}�^-
G�J;vy�'M�8NfQ%p/F:tm3C������k>LNZ]@Z�Sˆ辥{$�)5�< \g4"�1lp<�E9$�7��\hяZIfOl+qtR8�E[5G0m_k|��uv3< 3~3 CoZej% =�y7`BaC9Lj�Z�
L|:j�/�EӝF3l˸-:4
PS+}(Z�+{1g�U�
whk\(�U0>
n0u�p;\Jz}u=;yؼ} Fb��}�"UJ@D�Z-�i"
0i!5&�tt<_MB^�$9@FI?n��j/4E;J
KHS�=
(����N,#�uG�Ҿ췯;6鷏ώ;S$oIJ1<�ZMӀ�H�Z�vB�,�E%M{#kr9n�>3鐚&�tXaV|]kU[_oG�!M��[CE�C�0ʾ�~Fb{t&�pt9&�IoJDz|?!:_��C��J�ݖe�L_*X_˟�/Rzhf5
x�C�X&%92ɔc�Pu��t:��C;|sƊNm҄&
�)B:%u(��5�>Hr
Q@a)#8?��%�i�8�@r5)6�K .7R�?o�fz�CU�C�Z9nVĨ9U�SA�EI7CD� r23y�B(&�PHQ��>L�y%Ku}7�p�@W-}rlNVڒ1Wb{gH
.Cuv}BzW^�?]{68^%glh|��X.B2iK1QW5MGVOL�_@r�/*r[�h ��2ud8��İ1nґ>â�xA��A�ӧIz|JMk6m�uI=X�C#ʠ�:ڴ{\gV���4!>�&-/ Qx�٭�lE%H_�¤�<�)
FA��=H:}m�`�~�5$ǎ�@ �L���s'09��ښB�"�QފС4�a�
vhi�q�pp�yY?�0�»g��{`���5�#~[-[�Z6x�O͙A Q�N\Qo�@'�dSJJds���4.'H(AH �9[h���� ]��99�
�ŊPݑ�vZ)JH�T*nO�q$cwV*+es�MX)gQY,�p[/)�Pf%�5{~4�cbB�|#'&�Xr`Y
�\d+|�h)lb
�6؛ri:|:ioB{4��0s���uY�,$-Xb ɉ�&1C
IK,O�4� x�B1!q"�%st0x>h3�Vh��N( ./��a0'�S'�9�X0N,cBb+p5(Bk?f P&=6=g=϶Y$uP:%qK�:9A7ÚLG�VG+oo; =p
؇��#UV3_I<2_N#iۖs7M�+� h�B=WsF��'A|5
�i!s'Xe�on<�Ey�5cuUU.F�iJ
~�t�jz�#J�ݼ~h���;h{q#%Aw
�=�e河�xO:[[%7˺�I8�T*{Ҵ.�Z)퉟e�Y
mc-0^�Ԣ,a|u(" !�l��siŴ,B
/0|:Cb&^&thQ&�u���a�C�+%UV�LLX�:^�^Me+ �L��2�4
0�S~8��-j5�fSXS�;h�M>^�!'!�C��|Om��j+�Co��{LrCm0�G
"�˞C{_&]�1V�W=PZ`!?�ՊRR�4� �q/#Y��/�m0ܑk}>bD�ugNPOK�˙�'瀚:$ZCfGᠦV���Ĝ8riPzP*��cW�E˿\v�g�;fc�p+|\sg�I�7�Ѿhʰe�Zh`Zu6$sD(�Mgh&\3Qt�P7&8�m4dH�ڸ�/|P"58�z�x��@*�&�DBZ� �-�-UŨN=)
=��g`q�TR=OqP%�УGii}~هF9C!߬0P�P@W&7�Xfe�Y:�
~_�m��^J39X>>:
'01�2&�z-Cv0���ˌJ#4ByQ�ipw\pR 2���[Ep�dEN\pCy!+p�DZQO�]\c�)>(zo
�ѲI�TNБ1�[D {@�nuESUG�݀ޭ�n/�F���+ F��6@\=!<��vo��(0f�f{B[�
`{I-~,¿rZjL�R'@ �u0�cqey�@0p�ሙ@FCS؇`m/ �RۯTʞuN�"X썿9KC�b�RD��i^{p��� J';pL�j'� %Jkfx�+s�JbO�W2EDEx�kC铰ݙY$w&J��y*AA�/��5r��M;fr/��cS>/��#W5���d$fqN'�0cp&v�=
[��,)3?{:��kdy{��Wz�Эt;Gq;YqL-&oZ#�d�0=��̞�̝�
m�dۨ�X9)2�?`�(_�J`kOpTcHk;}Xp_IUP3)æRQ�u@VI^A�ұg�/@C׳@g.lLQX��G�VUe@5iH1k
9
=EZЋvc�*&j�ĮOm�8o,�yJu8e3 S`e3*~���~h��KJ]��ad|?T\S=@V�:}ݤ1p
Nu4 H/}NJR�DuATܴ�JZV7O
�\vOJ�9
^M�
L%Kf?ͥ�Z5?c�D~�sB��x@erI�MYI�{QK CnK�-%.O@^�ذ:z�f�Snio�[k��Zx\sXҌh;~�X^�5IdH�$fPq+Z}_@iuI+KZ��̡=2f{c�V�$�}/ �\F�I's3ҿ
��BDoS�wg�ts�ć)
RfCZִ2Hw
ضVU�'D.,ӄ1Z�rY�ç,D,t�2jUk`W��ʠ��<� �j�;!�]8`�CMM8qc
�oR9����
"�$DDOC�Vi&�gX&�J*6ǟ�M�1Ή�{Z]}{�" }M�AUv٩�Gf#��;?Jn:'�R>i/.:� s�t'_u{~{y@�Dмy֏��y珥%<�j�ԹwQCrlK^'+֓�!�w"y�KrBV�ë�=utq)q�f�m2XG<2u\8$��D/8 m̀@
�c^9`B4c-M'S�A0��u0aVxy�F_aݪ�,$"0�.�
I��ku:=>��
�� cJ=!�Vo8[#Y9LB���
�`E/ԩ
#A�D�rIGzZF�ijqʼn�π/`Ea�1:�(:{_QKᷜo5�?ů1K7�xA�h[(kt�Nz<��\1[i�N:|$=Br�^'18�;=h1��I��ec�]Z�qm}
zs@&iR'D[3pq*hKhwI�e�
ޜ,Hu9Ym@yjZӽM3%[/GG�X ;[
.ViH�_8_`w["�,G7��<�mt� }6PR4jշΫV~D��C�6�OY̓`(�9+rq�]ȩ_uwX̧{�E~"rFntL�7ÝԎ+^@(NEVu2k�x'��_YN.t0o����89]cΣd�tWc�T1;��>^�h9G�R��r0&xf&�4Nl�Ewy'("KxQ�ESrc�]O}0]v�Y�8zd2
,f}��x3D?,�yiҒ91>onR;-�4z4ݷP%( >Q.=]awQ;]x͞6vYiEU�9.r\�-"�nǸZYཤ|>O�90)7�=E$/A�f} mD.EBa"fs�ME[o<ק{cef7F?m�?C4��ȥN<�;曂;��`!3( ��а�5�m�{8g
0� )4T0h�l?|n�wcLRx266�y��) h4RwV`7�lf8�W
��֍N��
�7��V�9e�O�c#ޚU^�?�2�%;l�ߔ��c͘37�cp/*
w^�?�XR|
���.w?i{\nEa�Q(^ h�
}�"s�(u��KtvZ:�F�,�ފyti2�Z.?�DI#OF�{�p|�K]q�.�Zu/tL�G�S̜|"�T՟cb|>h쮳\W�Pz�{3`á�H�O
<+퀰�\v,#mnUcC)OF�(t`�IZCz#>36��Qޔ9/m&�!�d�0[.�]Q�&��RHK�Rπ�
�覣onZ�dlJV"("ZX�2k�3 T�9�QuTňou
x�a!< �`,*h꩸H��]Jߔ/i^�C]:]d�?1��OhJ,z)�b@��?��8#]Ljmϧc+B�| dZJJU(g.FS�⋇M3GF�h��欑*Z�ֳBm$I��* p��T��^~NSep팷�C2) qy7777wW%M}
mX�[`cXۊ�9�y0m-m�YѧS.ey{WR�ZZ&RXw�S��y{�Yj|ubMү4tF87?7]F�+┱fae�}�%3_<�I5�P��DR��St��ztowwv]g�p
sZ��$G|-X/Ym/h?rы�*�nO2��:fG)4C�[L
oNto�Yoc䭼=d�?hJ~~'~`M=�u'<~'&�jqh!W:�&8-ʅ(p��L��/;I'�Hre$#F<;NwDQޯ*F]{F9-
C~;P-��%8��YWS�=vq�Cv�M�rzaQ�#�ʵmq|�&EYWp�q.�=%\ e9L
X"UĤ�A�҂�B<«w�ĨW@mH�H�W�k}s+��#,�+b֪��Z�"�'"�KI�H ^X0:h�D]dbɤ;���^R7T�e\�sf6�1%�'�Q>sjtVS՜�R�<^g�YJ��z~b= a=Ʊ*B 'UNz� ԣ:BME�WU"jd��~Ÿ�\� �6L}ZŠx!Vi
�?�l�+=uvX5*{�u3jY5BY57�Ep?\'�9ǻ.1W�d�XqeZ{cqȝ�F^hR�y[9i�4K5) >[S~�|-��?(BAd�?A�Ę�o�b>8���-^`η�vg�D^:(]LcL
��
Į�U
#|o�5Ao�q{m
�>8b9ŧә�E�:u_`��i*pM[d{=�y-h<#Թ|A�#G^o.9gF.F{d.�&Yq�o�ͳ�.0,&0{)9�sr;c{�±0-�@$=TA3?b)_6b~m�>9l�gŚ�,�Kf�"hVW1�6ZV��s.m�-bWld�b$@���^d�_�پiAzhuew=
d#�k�`E8Cߑ?U0L}NG��O��g�F�;5&�g<�>a:$�.+JAW)�c6���-=2&=`աu?䏃ِ
tS��|9[CG)W�9$#MYhr}S�1";9'0�ឩT1,{1-�kD�M(q�i+8<4>?_zi}bn�O�KZ��
�5"��
B�[cD�;�XRiaxL b`�^r�{4bw��Q�(1^y|v��#@[/b �6C��;b<1#bH�c@�x(/�H'�UN��]N"�@��� '
o����?B5D��R*%n67P���0S�N\<7��Y�ef��xp�Ƨ�X<�^�6'+נ!5=�
1�YG7`C[�5E�Y|ob�p� ?v�c!us
x\fJԎNK$%Ѕ8h,-@"!��9͉�Kk�c
7úޛXF #~�a�P8�\
��+z+uT'I]W@)q!xW`ǪZIWv x5nV?wX.4%W�
2�����I+�;}�^(^�G��L،P�áuuuvI^ۤw|ݹw}P֊E�_gn՝ɧէes/4O-�41F;�d�6MƋBrY:2 6Sf�r3\H�^Eǒ�<�^;KwY�Gcqq� ;Ga?)Qe3̋ q�~4A�/�NN۽ֆSz�Ƌ#xYjy5sλ��nzV�h9n��0FQc r��!>}ҽl�IJ/�s_r_sʯz}q�(SޅnN9Rz} झS~�O�?9y��NyY_9)4;'9пNN?ӹ)wrKS ?/?�9A5/r�3���{�E�~.`�9�ȡ�ϋ�D��G(S~�g9_@EN9e^�\%euݜwAtsO�K7G\�}\�5u�``9�k}��9�?>#c�n&�&~oonr/$)G�Ay+ZWpzz;29)�G9R{�W�KӜ}(ϑgU�s�Vn�Va�{jg^�W� k{^W�Kͮ0TntK6[k8&ֲaq_l �_xi�
�+{Iy@�ⅇW4:<)X9vFnm��
SG0V;2}*q_ �d`6gG�|םۈZ�ufpo@�R�O���ێ�6Lp���c͘]#&]P�O"M�x^���;4m�F22XJH~1L�
nb�[>/I>gq?u'�fIo��"�G�S ?5Oxv�/�G�<$l��`���@�C~rh`=)Q��%IAFW]$� A_$|Nbh�Rx₆�7gM�a,Nd=:r?D�
u��fnI[Q��=$F�l+F2}jSo:h}t;Wxt
D�d |A\
�BG=XO�t(E,�Ma-���f�Y䒐X�=�L23q4��Y�8��
'f{{[o}\D)R%:�Tun�g�c|@ăx!$k0VT�?{��[l=$y1|t,G䷧g��cւ�_�/gзc/;K{KV9�(�(&�]�a1Fʫu\z�$r|1)HxrHIhC>��~�EE#`A�0^e�D$u@Ч�
�߆Ϩn��C��>X��Z��e.,s0ŬBSh�<�)O?G[n�\�k<>b�i�E�PL/c<�9z��An0$ ,�WKmM;qmjir��U`7'#�~*��V��œA>p8C3 �ܐ}olI
�C_x��r8���I W�)6�O��-����`ꎈM��@6iژH\�*,Dlf)����K�?Z'mr�Χ(@PP���OWt:�y@�t
z�l뎮�E{�Ofu�ݎ¼жJWt�{��]Kl��CcmR>D1e~}J<3�g(u",@zP�hP}+�K�ei$Vi)�>�n)ZF�$c-�ԭ䅤<�P8��_~C.vQ%eNܔ�uF.Dm�hT4X�%*lˢ�7�M��/߶�7qݼg¶,yX\�F\X�3'5c��b@xVO�=d_q�x�FN|L/�X�}qxur
2^9FB~ea�ԐdZͼ*?҂g'
Q\�F$30(�y�
l�+���m5�0X�1+ ���R9(t>
cJ\g��ۂ�~�Ӎk[Ɯ���˱Y)���*�lw6��k+�Ѐ7HY;PE"�10�ON�=� z�Bk|XK�]s&&tĵa}ar8Lt4QS|�J)Km)g�3�{߂ �i�x�v�4<@Tf�_E@�G7dyUĄ�f�ٵBZJGnr�m�mc{Jhi�F��"5cP!X�]-nB@:� ��εx C��,$��ˋ�}��cyx Uf}')VS/�̀.ȟ8�3}E.t�ʢR�}��v,:~vڎ�.3J�bq')iwޟ�V��wϻ X7u㖗�ypy"E�m9EKB^ �T>Vurҹ|�S&ȕ/g�2f#-<��#Dg˳̆UZ*$4o�)FҢpL\岞+ziKmw9n�~뉘H�Oa6%s\ɜK�BS+4�WY/WiS}*
Cf'ʱ �wm&lult�6�1�͝��k,+��
|
Network Security & Hardware 
