Feeds

Google turns on SSL encryption for search

Https option for google.com

SANS - Survey on application security programs

Google has added SSL encryption to its primary search engine.

Today, with a blog post, the company announced that netizens now have the option of establishing a secure https connection when searching google.com. To use the service, you must explicitly visit https://www.google.com (Notice the extra "s"). At time of writing, the link was being redirected to Google's default, unencrypted search page on our computers. A spokesman says the SSL service is being rolled out gradually on Friday.

The service also uses its own Google logo, so you can be doubly sure that SSL is in place:

Google SSL search logo

"The service includes a modified logo to help indicate that you’re searching using SSL and that you may encounter a somewhat different Google search experience, but as always, remember to check the start of the address bar for 'https' and your browser lock indicators," the post reads.

The "search experience" will differ because Google has not extended SSL across companion search services such as Google Image Search and Google Maps. Because of this - and because establishing an SSL can slow things down a bit - the service carries a beta tag.

"When you search using SSL, you won’t see links to offerings like Image Search and Maps that, for the most part, don’t support SSL at this time," the post continues. "Also, since SSL connections require additional time to set up the encryption between your browser and the remote web server, your experience with search over SSL might be slightly slower than your regular Google search experience."

Google promised https for search in a blog post last week, when it announced that its Street View had "mistakenly" captured payload data from open Wi-Fi networks as its cars drove across the globe snapping digital photos. "This [Street View] incident highlights just how publicly accessible open, non-password-protected Wi-Fi networks are today," last Friday's post reads. "Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search."

Google also offers SSL as an option with its Calendar, Docs, and Sites services, and just recently, it added SSL to Google Web History and Google Bookmarks, after a security vulnerability was found in the search personalization service that taps Web History. Google hopes to add https to other services as well.

Yahoo and Bing have yet to offer encrypted versions of their services, except when users are logging in. Hotmail this week announced plans to offer always-on SSL when the service is relaunched in the next few months.

A Google spokesman also indicated it plans to make SSL encryption the default for search. "We hope to expand the functionality once we better understand how it affects users' search experience," the spokesman told us. "We expect that encrypted SSL search will slow down Google searches by a small degree, and we don’t like the idea of rolling this out to everyone before we’re able to test the performance effects and gather feedback from our users." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.