Starting in October, Google Chrome browser will mark all sites with text input areas as "Not Secure"
In a bid to enhance the security of the web, Google is taking a significant step by marking File Transfer Protocol (FTP) sites as "Not Secure" in its upcoming Chrome 63, to be released in December 2017[1]. This move follows the company's earlier initiative to flag HTTP sites as "Not Secure" in Chrome 62, set to be released in October 2017[1].
The Need for Enhanced Security
FTP sites, like HTTP, transmit data in plain text, making them susceptible to eavesdropping and man-in-the-middle attacks[2]. Google's aim is to alert users to these potential security risks and encourage them to use secure alternatives like SFTP or HTTPS for file transfers.
Google's Security Initiatives
Google's security efforts are not new. The tech giant has been actively working to improve web security through initiatives like the Safe Browsing Project, which includes flagging HTTP sites as "Not Secure" to nudge users towards HTTPS[1].
Potential Implementation for FTP Sites
If Google were to mark FTP sites as "Not Secure," users visiting these sites would likely see a warning message similar to the one currently shown for HTTP sites[1]. This would alert users to potential security risks and encourage them to use secure alternatives.
Google might also promote the use of secure file transfer protocols like SFTP, which encrypts both commands and data, making it safer for transmitting sensitive information[2].
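As an added example (not from the article, and not Chrome's own logic), this Python audit flags the page features the article describes: text entry on a page served in plain text, forms that submit in plain text, and ftp:// links. The input-type list, the finding labels and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: input types this audit treats as "text entry".
TEXT_TYPES = {"text", "password", "email", "search", "tel", "url", "number"}
INSECURE = {"http", "ftp"}  # schemes that carry data in plain text

class InsecureAudit(HTMLParser):
    """Collects findings for one page, given the URL it was served from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_insecure = urlparse(page_url).scheme in INSECURE
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_text_input = tag == "input" and (a.get("type") or "text").lower() in TEXT_TYPES
        if tag == "textarea" or is_text_input:
            if self.page_insecure:
                self.findings.append(("text-input-on-plaintext-page", a.get("name") or tag))
        elif tag == "form":
            # A missing or relative action inherits the page's own scheme.
            target = urljoin(self.page_url, a.get("action") or "")
            if urlparse(target).scheme in INSECURE:
                self.findings.append(("form-posts-in-plaintext", target))
        elif tag == "a" and a.get("href"):
            target = urljoin(self.page_url, a["href"])
            if urlparse(target).scheme == "ftp":
                self.findings.append(("ftp-link", target))

def audit(page_url, html):
    parser = InsecureAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="/login"><input name="user"><input type="password" name="pw">
<input type="submit" value="Go"></form>
<textarea name="comment"></textarea>
<a href="ftp://files.example.com/tool.zip">download</a>
<a href="https://example.com/docs">docs</a>
"""

if __name__ == "__main__":
    for url in ("http://shop.example.com/", "https://shop.example.com/"):
        print(url, audit(url, SAMPLE))
```

Serving the same markup over HTTPS clears the text-input and form findings, but the ftp:// link remains until it is replaced with an HTTPS or SFTP download.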
The Symantec Issue
In a separate development, Google is also taking action against concerns about the security and integrity of Symantec's certificate issuance practices[3]. The tech giant plans to remove trust in Symantec's old infrastructure and all of the certificates it has issued in Chrome 70, to be released on Oct. 23, 2018[3].
This action will affect any certificate chaining to Symantec roots, except for the small number issued by the independently-operated and audited subordinate CAs[3].
Exemptions
Websites like Facebook, Twitter, Pinterest, LinkedIn, WhatsApp, Email, and others are not affected by this change, as they already use HTTPS[4].
The Importance of EV SSL
For businesses, Extended Validation Secure Sockets Layer (EV SSL) certificates are crucial for building trust with customers and protecting sensitive data from cyber threats[5]. EV SSL provides the highest level of assurance for a website's identity.
Conclusion
Google's decision to mark FTP sites as "Not Secure" and its action against Symantec's certificate issuance practices are part of its ongoing efforts to improve web security and protect users from potential security risks[1][3]. By highlighting the risks of insecure protocols and encouraging the adoption of secure alternatives, Google is playing a pivotal role in shaping the future of the web.
[1] https://security.googleblog.com/2017/10/moving-toward-more-secure-web.html
[2] https://www.pcmag.com/news/363448/google-to-mark-ftp-sites-as-not-secure-in-chrome-63
[3] https://security.googleblog.com/2018/03/restricting-trust-in-symantec-certificates.html
[4] https://security.googleblog.com/2018/03/restricting-trust-in-symantec-certificates.html
[5] https://www.globalsign.com/en/blog/what-is-ev-ssl-certificate-and-why-is-it-important-for-my-business/
To emphasize Google's commitment to data and cloud computing security, the tech giant is planning to mark FTP sites as "Not Secure" in Chrome 63, similar to HTTP sites, due to their vulnerability to eavesdropping and man-in-the-middle attacks. Moreover, Google's technology initiatives extend beyond FTP sites, with efforts like the Safe Browsing Project aimed at promoting secure alternatives like SFTP for file transfers, as part of an ongoing mission to improve cybersecurity.