Google continues to crusade against unencrypted connections. Revives proposal from 2014 and wants only sites running on HTTP henceforth indicate Chrome red cross , which gives visitors made it clear that their communication with the site is not encrypted and therefore – is unsecured . Deficiencies in security and authentication will mark emails and Gmail to its users urged to careful handling.
Google Chrome and HTTP connections
Parisa Tabriz, princess safety of Google, Chrome developers declared its readiness to indicate clearly all websites running on HTTP as unsecured .
This follows the proposal of Chris Palmer, a security expert from the Chrome team, which is a group forum Google already appeared Dec. 13, 2014:
“We, the Chrome security team, suggest that the browser user interface based on the information user agent indicated the non-secure connection is clearly not safe. “
Palmer explains the reasons for this proposal: “We all need to have their web communication was secure (aka private, paired, without foreign interference). If data security is not secure, user agent browser, it should explicitly tell the user that he could make an informed decision on how it will be a source of unsecured data to interact. “That’s why Chrome takes for the unsecured HTTP sites of the same label, which already indicates weak secure HTTPS sites – such as those that use outdated hash algorithm SHA-1 .
If you want to deploy the tagging now, you can do so via the advanced settings Chrome. In the address bar enter chrome: // flags, locate the item Mark non sources as insecure and elections will choose Mark non sources as unsecured . After restarting Chrome, all HTTP sites marked with a red cross.
Gmail: the message unencrypted and unauthenticated sender
Accent security and encryption line across Google – including Gmail. John Rae-Grant the Gmail team describes a security access this service, “Gmail always use encryption during transmission using TLS , and if possible, automatically encrypts incoming and outgoing e-mails. Implements industry-standard authentication to prevent identity theft. Furthermore clouds run other security measures to ensure the privacy of your e-mails. ”
Encryption, however, must of course support both communicating services. Gmail because of its alerts users when they receive email from insecure sources TLS (beside whom appear red icon unsecured lock ). With incoming message reader nothing is done, the maximum sender warn that communicates unencrypted.
Otherwise, important case – when sending a message – Gmail again notifies the user. After entering your email address pointing to an insecure service again this icon appears – this time, however, warn users: “Do not send this e-mail confidential information, such as contracts or tax returns.”
The final piece of security news icon with a red question mark on the spot photos sender. It appears when the Gmail fails to authenticate the message and its sender.
Sources: Motherboard.com , Google Groups , Official Gmail Blog , Help Gmail , Twitter