How Google could have made the Web secure and failed -- again

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-33620_3-57604604-278/how-google-could-have-made-the-web-secure-and-failed-again/

By Danny Sullivan
CNET News
September 25, 2013

You probably didn't notice, but this week, your searching activity on 
Google got a little safer from prying eyes. When you go to Google, it 
likely will transfer you automatically to its "encrypted" service, one 
designed to prevent potential "eavesdropping" on your searches. What's not 
to like with that? Chiefly, a loophole Google has left in for its 
advertisers and a lost opportunity to get all sites to go secure.

Blocking "eavesdropping" of search activity

Encrypted search -- officially, Google SSL Search -- protects you from 
"eavesdroppers" in the same way you're protected through an encrypted 
connection when you do online banking. Only you and the site you're 
talking with can "hear" your conversation. So with encrypted search, what 
you're searching for can't be heard by third parties. Assuming, of course, 
no one like the National Security Agency or hackers have cracked the 
"keys" to that encryption.

Google made a big push to increase the use of encrypted searches two years 
ago. Anyone who had logged into Google, such as to check Gmail, would be 
sent to the Google SSL Search, if they wanted to search for something. 
This week, Google confirmed it is forwarding users to Google SSL Search 
even if they aren't signed in. From the statement Google gave to me when I 
wrote about this on my Search Engine Land site:

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/