Feeds

Google: OK world, make our 'End-to-End' crypto tool SPOOK PROOF

Source code released – now you can kick the tyres

The essential guide to IT transformation

Google has released the source code for an encryption plugin for Chrome that makes the secure sending of email easier.

The web giant said its End-to-End Chrome plugin, currently in alpha development status, will provide a secure method for transmitting data between users, with data encrypted locally in a user's browser and decrypted by the recipient using OpenPGP. The code is provided under the Apache 2.0 licence.

While Google offers limited security for its webmail service Gmail – by forcing HTTPS connections for all communication to and from the web server – the search kingpin said its Chrome plugin will expand protections to other services and allow for message information to be secure from endpoint to endpoint (so long as you're running Chrome with the plugin installed).

In order to assure that the plugin will be reliable for users in sensitive positions (such as activists or human rights workers), the Chocolate Factory is only providing the source code for End-to-End for now. The idea is to have researchers hammer away at the tool to find possible security flaws under Google's bug bounty program.

The advertising goliath is also hoping that research and further work on the plug-in will advance the development of other cryptographic tools for JavaScript.

Google said that once End-to-End is deemed secure enough for everyday use, it will make the plugin available through the Chrome Web Store as a free add-on. In the meantime, it has asked others to please not take the source code and submit it to the store themselves.

In related news, the online ad-slinger has also added a section to its Transparency Report designed to illustrate just how much of the communications its Gmail service handles is secure in transit. The company reports that, because other providers do not always support Transport Layer Security (TLS) encryption, currently as much as 50 per cent of incoming messages and 35 per cent of outgoing mail was transmitted in the clear, even though Gmail itself supports TLS in both directions.

Google noted that in recent months, the number of unencrypted messages has gone down as other email providers have enabled security for their services. The report found that, by comparison, in December of 2013 as little as 29 per cent of outbound email was encrypted, while inbound email was encrypted at a rate of as little as 26 per cent. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.