Google Search Experiments With HTTPS as Ranking Factor
Google regularly works on improving Web security for users. In July, Google unveiled its new "Project Zero" initiative to directly battle targeted attacks that are made against Internet users in an effort to make the Web safer for the public. The project, which will fight things such as zero-day attacks, which are attacks on code where serious security vulnerabilities have not yet been found or patched, is being built up by Google to fight an increasing threat around the world. As part of the new effort, Google is seeking to significantly reduce the number of people harmed by targeted attacks by hiring additional security researchers and contributing 100 percent of their time toward improving security across the Internet. The Project Zero work will be done transparently, with every discovered bug entered into an external database where it can be tallied. In June, Google added an early alpha version of a new Chrome browser extension that will soon give users the ability to bolster the encryption of their emails while in transit to recipients. In April, Google asked developers who build applications using Google APIs to update their apps to the latest OAuth 2.0 authorization protocol so that user log-ins will be as secure as possible in the future. OAuth 2.0 is an authorization protocol for all Google APIs that relies on Secure Sockets Layer (SSL) for security instead of requiring individual applications to do cryptographic signing directly.Also in March, Google asked IT security experts to contribute their best tips and tricks about how to stay safe on the Internet for a project aimed at everyday users. In December 2013, Google reminded enterprise organizations and their business users about the security safeguards and options that are available to them if accounts are hacked or if mobile devices are lost or stolen. Using available tools from Google, IT administrators can peer into and control how their users' accounts are working and make changes to recover stolen accounts. Also available are Android device-management tools that help organizations manage Android and Apple iOS smartphones and tablets using the Google Apps Admin console. In 2013, Google also improved its methods for helping Website owners recover their sites from hackers and hijackers. The improvements included additional security tools so Webmasters can find information about security issues on their site in one place and pinpoint problems faster with detailed code snippets.
In March 2014, Google announced that all incoming and outgoing Gmail messages will also use encrypted HTTPS connections to better protect them from interception by attackers or spying, in response to allegations in the fall of 2013 that the U.S. National Security Agency (NSA) had spied on data in Google and Yahoo data centers.