Google responds to call for more security

In response to an open letter from dozens of noted security analysts, Google this week said it intends to more broadly turn on security features in its Gmail application by default.

The internet giant also said it was considering how to extend the protection by default to other applications, including Google Docs and Google Calendar.

The six-page open letter to Google CEO Eric Schmidt was signed by 37 researchers and academics in computer science, information security and privacy law. Specifically, they asked Google to protect users by enabling “industry standard transport encryption technology (HTTPS)” for Google's most popular web applications.

Without a persistent encrypted connection, users can open themselves up to snooping and data theft, even by untrained hackers who can use freely available tools on the internet to perpetrate their attacks, the letter said.

In response, Alma Whitten, a software engineer with Google's Security & Privacy Teams, wrote in a blog post Tuesday that the internet giant would consider the researchers' recommendations.

“We've long advocated for — and demonstrated — a focus on strong security in web applications,” Whitten said. “In fact, we're currently looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.”

Google currently allows its Gmail users to opt in to always using HTTPS. Meanwhile, users of Docs and Calendar can log in to a protected session by typing HTTPS into their address bars.

But any move to having users automatically protected with the protocol is unlikely to happen immediately.

“We're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is,” Whitten wrote, “and whether it affects the performance of their email.”

Whitten added that Google is considering how to “make this best work with other apps,” such as Docs and Calendar.

Whitten's sentiments echo a section of the open letter to Google pointing out that users of Microsoft's Hotmail, Yahoo Mail, Facebook and MySpace also are vulnerable to data theft and account hijacking.

Google's response seems to be meeting with positive reaction, at least in some sectors.

“Google's rapid response is pretty good,” Christopher Soghoian, student fellow at the Berkman Center for Internet & Society at Harvard University and author of the open letter, told SCMagazineUS.com in an email. “I hope that executives from Yahoo, Microsoft and Facebook follow Google's lead voluntarily, and spare me the effort of coordinating similar letters to their CEOs too.”