SSL

Google 63 To Usher In Two Significant Changes

September 26, 2017 | By Comodo SSL

Google 63, which is expected to be released by December 2017 is going to usher in two important changes, in an attempt to secure its users, apart from continuing to gradually deprecate the ill-issued Symantec’s SSL Certificates. Therefore by the end of this year, users can expect a much-improved Google Chrome which will effectively safeguard them against hacking.

Websites Using FTP Protocol Will be Marked as Not Secure

One of those changes is “marking those websites which are using FTP protocol as not secure”. FTP stands for “file transfer protocol” and this technology was widely employed – before the internet as we know it came into existence – almost exclusively by academics and members of the military for transferring files between computers within their respective networks. These days, FTP is normally used for uploading web pages and media files to web servers.

The problem with FTP is that it does not encrypt traffic by default. Therefore files transferred using this protocol remains unencrypted (that is, in plain text form) as it travels between clients and servers. Because of this reason, the information can be easily intercepted by eavesdroppers or hackers. Although FTP can be secured using SSL/TLS for protection, unfortunately, FTPS (File Transfer Protocol Secure) is not widely supported feature on most browsers, including Chrome, due to its low usage rate.

In a post on Google’s Security-dev forum, developer Mike West explains this move from Google as a part of the “ongoing effort to accurately communicate the transport security status of a given page”. He further goes on to add that, “We didn’t include FTP in our original plan, but unfortunately its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade). Given that FTP’s usage is hovering around 0.0026% of top-level navigations over the last month, and the real risk to users presented by non-secure transport, labeling it as such seems appropriate”.

Therefore going forward, Google recommends websites to move from FTP to using HTTPS or the SSL/TLS technology for better security. And if they don’t, the browser giant will label them as “not secure”.

Google Users Will Be Warned Of SSL/TLS Interceptions

The next change users of Google 63 will see is SSL/TLS Interception warnings. To put it in simple words, if Google Chrome suspects that the SSL/TLS connection is being sniffed at by hackers, it will immediately warn the users of such a breach, so that they remain secure by terminating the connection. Technically put, it will prevent any “man-in-the-middle attacks”.

While SSL/TLS technology itself can prevent a large number of MITM (man-in-the-middle) attacks using the encryption it offers, there is a possibility for attackers to intercept this encryption and perform a MITM attack even when SSL is in place. This usually takes place because of SSL misconfiguration on the part of administrators. But the worst part is that the affected user may not even know the attack has taken place because of a few SSL/TLS errors. This situation is going to change with the introduction of SSL/TLS interceptions.

These warnings have already been made available in Chrome’s dev browser ‘Canary‘. The feature just needs to be turned On, in order for the browser to display these warnings.

Final Words:

Equipped with these features, Google 63 is, without doubt, going to provide good protection to its users. Therefore, come December 2017, one can expect the internet users to be a bit more secure than they are right now, because of the security measures Google has decided to take.

Buy SSL Certificate

Posted in SSL,Technology

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory