Google offers secure searching to protect from nosy bosses and ISPs
- El Mexicano Pastiche on 24 Jan 12: Google has enabled encrypted searching using SSL (Secure Sockets Layer) which it says will prevent "employers and internet service providers" from reading what is sent. The possibility that employers and ISPs might be watching people's search traffic clearly concerns Google, and it has often concerned employees.
- Tranny Franny on 26 Jan 12: Essentially what Google is trying to do is to offer people a way of securely navigating their website, using SSL, so that people don't have to worry about being monitored. People can see if they are using the secure version of the Google search engine if the web address contains "https" rather than just "http". SSL works as follows:
  1 - The web browser being used checks the website's certificate to make sure that the client is connecting to the real site and not someone intercepting
  2 - The encryption types that the browser and the web site server can both use to understand each other are determined
  3 - Browser and Server each send each other unique codes to use when encrypting the data that will be sent
  4 - The browser and server start communicating using encryption, leaving the web pages secured.
  For more information on how SSL works check the following website: http://www.ourshop.com/resources/ssl.html
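
The opening of the handshake described in the comment above, as an added example that is not part of the original comments: Python's standard `ssl` module builds a client that verifies certificates, then writes its first handshake message into memory so the offered cipher suites and the client random can be inspected offline. The host name `example.test` and the TLS 1.2 minimum are assumptions chosen for this example.

```python
import ssl
import struct

def build_client_context():
    # Step 1: the default context requires a valid certificate for the host name.
    ctx = ssl.create_default_context()
    # Choice made for this example: refuse anything older than TLS 1.2.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def capture_client_hello(ctx, server_name="example.test"):  # constructed name
    # In-memory buffers replace the socket, so no packet leaves the machine.
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, the client now waits for a reply
    return outgoing.read()

def parse_client_hello(record):
    # TLS record header: content type (1), version (2), length (2).
    rec_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    hs_type = body[0]
    pos = 4                                   # handshake type (1) + length (3)
    (legacy_version,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    client_random = body[pos:pos + 32]        # fresh per-connection value (step 3)
    pos += 32
    pos += 1 + body[pos]                      # skip the session id
    (suites_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    suites = struct.unpack("!%dH" % (suites_len // 2), body[pos:pos + suites_len])
    return {"record_type": rec_type, "handshake_type": hs_type,
            "legacy_version": legacy_version, "client_random": client_random,
            "cipher_suites": ["0x%04x" % s for s in suites]}  # step 2: the offer

if __name__ == "__main__":
    hello = parse_client_hello(capture_client_hello(build_client_context()))
    print("offered cipher suites:", ", ".join(hello["cipher_suites"]))
```

The server answers this message with the one suite it selects and its certificate, which the context built in `build_client_context` checks before any application data is sent.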
- The Zhan on 02 Feb 12: The following article shows how the asymmetric encryption inherent to SSL (Secure Sockets Layer) and TLS (Transport Layer Security) has been rendered useless by a tool called BEAST (Browser Exploit Against SSL/TLS). It attacks the "AES encryption algorithm" used in the cryptographic protocols. "BEAST is able to grab and decrypt HTTPS cookies once installed on an end user's browser." "While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests". "Transaction confidentiality based on the SSL TLS V1.0 protocol (the most used still today) is dead." "The only true defense from fraudulent transactions is to sign the (...) transaction data so that the attacker cannot inject bogus material. This means effectively using a token with a pin pad." "Fixing the vulnerability that BEAST exploits may require a major change to the protocol itself." http://www.itpro.co.uk/636304/ssl-under-threat-as-flaw-exploited