Feeds

Google: OK world, make our 'End-to-End' crypto tool SPOOK PROOF

Source code released – now you can kick the tyres

The Essential Guide to IT Transformation

Google has released the source code for an encryption plugin for Chrome that makes the secure sending of email easier.

The web giant said its End-to-End Chrome plugin, currently in alpha development status, will provide a secure method for transmitting data between users, with data encrypted locally in a user's browser and decrypted by the recipient using OpenPGP. The code is provided under the Apache 2.0 licence.

While Google offers limited security for its webmail service Gmail – by forcing HTTPS connections for all communication to and from the web server – the search kingpin said its Chrome plugin will expand protections to other services and allow for message information to be secure from endpoint to endpoint (so long as you're running Chrome with the plugin installed).

In order to assure that the plugin will be reliable for users in sensitive positions (such as activists or human rights workers), the Chocolate Factory is only providing the source code for End-to-End for now. The idea is to have researchers hammer away at the tool to find possible security flaws under Google's bug bounty program.

The advertising goliath is also hoping that research and further work on the plug-in will advance the development of other cryptographic tools for JavaScript.

Google said that once End-to-End is deemed secure enough for everyday use, it will make the plugin available through the Chrome Web Store as a free add-on. In the meantime, it has asked others to please not take the source code and submit it to the store themselves.

In related news, the online ad-slinger has also added a section to its Transparency Report designed to illustrate just how much of the communications its Gmail service handles is secure in transit. The company reports that, because other providers do not always support Transport Layer Security (TLS) encryption, currently as much as 50 per cent of incoming messages and 35 per cent of outgoing mail was transmitted in the clear, even though Gmail itself supports TLS in both directions.

Google noted that in recent months, the number of unencrypted messages has gone down as other email providers have enabled security for their services. The report found that, by comparison, in December of 2013 as little as 29 per cent of outbound email was encrypted, while inbound email was encrypted at a rate of as little as 26 per cent. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.