Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The internet giant also said it was considering how to extend the protection by default to other applications, including Google Docs and Google Calendar.The six-page open letter to Google CEO Eric Schmidt was signed by 37 researchers and academics in computer science, information security and privacy law. Specifically, they asked Google to protect users by enabling “industry standard transport encryption technology (HTTPS)” for Google's most popular web applications.Without a persistent encrypted connection, users can open themselves up to snooping and data theft, even by untrained hackers who can use freely available tools on the internet to perpetrate their attacks, the letter said.In response, Alma Whitten, a software engineer with Google's Security & Privacy Teams wrote in a blog that the internet giant would consider the researchers' recommendations.“We've long advocated for — and demonstrated — a focus on strong security in web applications," Whitten said. "In fact, we're currently looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.”Google currently allows its Gmail users to opt in for always using HTTPS. Meanwhile, users of Docs and Calendar can login to a protected session by typing HTTPS into their address bars. But any move to having users automatically protected with the protocol is unlikely to happen immediately.“We're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is,” Whitten wrote, “and whether it affects the performance of their email.”Whitten added that Google is considering how to "make this best work with other apps," such as Docs and Calendar.Whitten's sentiments echo a section of the open letter to Google pointing out that users of Microsoft's Hotmail, Yahoo Mail, Facebook and MySpace also are vulnerable to data theft and account hijacking. Google's response seems to be meeting with positive reaction, at least in some sectors.“Google's rapid response is pretty good,” Christopher Soghoian, student fellow at the Berkman Center for Internet & Society at Harvard University and author of the open letter, told SCMagazineUS.com in an email. “I hope that executives from Yahoo, Microsoft and Facebook follow Google's lead voluntarily, and spare me the effort of coordinating similar letters to their CEOs too.”See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.