Gmail Guards Against Eavesdropping

Not only is Google relentless in terminating its sleeping assets, off beam acquisitions and underperforming segments, the giant is raising its measures to secure its territory on multiple fronts. With a diverse lineage of products and services that spans social networking, search to mobility, Google cannot afford a miss on security. With this idea in mind, Google’s security team is taking the game to the next level as they create a long term “forward secrecy” solution to protect data.

In his blog post, Google Security Gugu Adam Langley provided insights on the present and future adversities challenging security.

“Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic.”

In response to the fraudulent Google certificate attacks, and to perhaps prepare for the foreseen foes, Langley detailed the enhanced encryption now being offered in Gmail, Google Docs and other services:

“Forward secret HTTPS is now live for Gmail and many other Google HTTPS services(*), like SSL Search, Docs and Google+. We have also released the work that we did on the open source OpenSSL library that made this possible. You can check whether you have forward secret connections in Chrome by clicking on the green padlock in the address bar of HTTPS sites. Google’s forward secret connections will have a key exchange mechanism of ECDHE_RSA.”

But this isn’t the first time that Google tightened up its safety belt this year. In March they acquired security Analytics software developer Zynamics. This tool develops offensive and defensive security maneuvers.  A few months later, the company beefed up their malware detection system.