Apparently Gmail has been a rather favorite target for hackers especially from China so what Google did was to start encrypting Gmail through the Chrome web browsers and https in your address bar in the Chrome browser it means that your Gmail is safe from outside eyes trying to take a peek into your inbox. However you access to http://gmail.com it will lead you to the unencrypted version 0f Gmail, but that’s assuming you’re not reading your emails through the Chrome browser…………
Gmail users may know that Google has always offered an encrypted option through the https address https://mail.google.com and until now the use of that encrypted version has only been available by manually entering the address. The reason for that, is because using an encrypted connection for your mail can slow things down and Google already changed Gmail to use encryption by default, a mode indicated by the “https” at the beginning of a browser address bar that means outsiders sniffing network traffic can’t read your e-mail. People could still get to the unencrypted version by typing “http://gmail.com,” but no more for Chrome. “As of Chromium 13, all connections to Gmail will be over HTTPS. This includes the initial navigation even if the user types ‘gmail.com’ or ‘mail.google.com’ into the URL bar without an https:// prefix,” Google programmers said on a blog post. They said that approach defends against sslstrip-type attacks, which can be used to hijack browsing sessions. The technology used to enforce the encryption is called HSTS, which stands for HTTP Strict Transport Security and which lets a browser specify that a Web site may only be used over a secure HTTP connection. HTTP, or Hypertext Transfer Protocol is the standard that governs how Web browsers communicate with Web servers to retrieve a Web page.
The moves dovetail with Google’s attempt to make security a prominent selling point of its browser. By improving Chrome’s security, the company stands to benefit directly by making its own services less vulnerable and indirectly by making the Web a safer place for people to spend personal and professional time. Google is a prominent target. It has disclosed attacks on Gmail it said appeared to come from China, some in 2009, and more this year. To try to make attacks harder, it’s added two-factor authentication to Gmail, which requires a code from a person’s mobile phone as well the ordinary password. Most people don’t appreciate the measures Google is taking to secure Chrome and its browser-based operating system, Chrome OS, argues Sundar Pichai, Chrome’s senior vice president, in an interview at Google I/O, pointing to measures such as running plug-ins such as Flash and a PDF reader in a sandbox, using a verified boot process with Chrome OS and making Chrome OS‘s file system encrypted. Chrome also is the vehicle for other Google ambitions, for example to speed up the Web. Among aspects of that effort are an HTTP improvement called SPDY; a new ability to preload selected search results pages so they display much faster when a person actually clicks on the links; technology called Native Client designed to run Web-app software much faster and the WebP image format that Google argues is faster than JPEG.
It’s not just about making the Web faster and safer, though. When people use Chrome to perform a Google search, the company doesn’t have to share any resulting search-ad revenue with other browser makers such as Mozilla. The HTTPS-only access to Gmail isn’t the only security move Google is making and Google also is trying to ensure that no users of Chrome and Gmail will be vulnerable to a problem that reared its head in March when an affiliate of a New Jersey company called Comodo was hacked, apparently by an Iranian. Now, for some sites including Gmail, Chrome only can obtain certificates originating only from a short list of providers, not from the hundreds available on the global Internet. That list includes Verisign, Google Internet Authority, Equifax and GeoTrust, according to a blog post by Adam Langley, a Google programmer. He adds that the list is visible in Chrome’s source code. In the longer run, there’s another significant security move on the horizon: Google is rebuilding Chrome atop its Native Client technology, gradually making more parts of the browser execute in a more secure “sandbox” whose isolation from other computing resources makes it harder for attackers to take over a computer through a browser-based attack.
A close cousin of security is privacy, for example in the case where a government might want to see if a dissident has visited a particular Web site. Browser makers are working to extend beyond today’s private-browsing modes that don’t leave traces on a computer to private-browsing modes that don’t leave traces on servers, either. For example, Chrome, Firefox and Internet Explorer all are getting a technology to delete local stored objects (LSOs), which in practice means it’s harder for Web sites to keep track of users through “evercookies.” Standard cookies are text files that can be deleted by browser users, but with Adobe’s Flash Player, other plug-ins, and new HTML storage techniques, there are more ways for Web browsers to store that data even when ordinary cookies are deleted. Chrome is based on the WebKit browser engine project that’s also the foundation of Apple’s Safari. Now WebKit engineers are evaluating the idea of “tracking-resistant browsing” that reduces that fingerprint. One example, described in the WebKit documentation of the tracking-resistant browsing, concerns the user-agent string–the text a browser sends a Web server to describe its version number, compatibility and operating system. Differences between different people’s user-agent strings means that a each carries enough information to narrow it down to about one in a thousand randomly selected browsers. Even a thousandth of the total number of Web browsers is a huge number, of course, but there are plenty of other ways to narrow down a search: time zone, installed plug-ins, fonts, and screen resolution and more.
| « Previous
Google Web Mapping Now Track Your Phone
| Next »
Leaked: Google Nexus 4G Details