Google Blogoscoped

Forum

Security community wants SSL security for Web applications

Juha-Matti Laurio [PersonRank 10]

Tuesday, June 16, 2009
15 years ago2,258 views

"A group of privacy and security experts sent a letter today urging Google to strengthen its leadership role in web application security, and we wanted to offer some of our thoughts on the subject.

We've long advocated for — and demonstrated — a focus on strong security in web applications. We run our own business on Google Apps, and we strive to provide a high level of security to our users. We currently let people access a number of our applications — including Gmail, Google Docs, and Google Calendar, among others — via HTTPS, a protocol that establishes a secure connection between your browser and our servers.
...."

Link:
http://googleonlinesecurity.blogspot.com/2009/06/https-security-for-web-applications.html

Juha-Matti Laurio [PersonRank 10]

15 years ago #

The letter mentioned (.PDF):
http://www.wired.com/images_blogs/threatlevel/2009/06/google-letter-final2.pdf

Ionut Alex. Chitu [PersonRank 10]

15 years ago #

From the letter:

"Google uses industry-standard Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers’ login information. However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar. As a result, Google customers who compose email, documents, spreadsheets, presentations and calendar plans from a public connection (such as open wireless networks in coffee shops, libraries, and schools) face a very real risk of data theft and snooping, even by unsophisticated attackers."

Shall I remind the experts that Yahoo Mail and Hotmail, which are more popular than Gmail, don't even offer HTTPS versions?

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!