Gmail’s Encryption and the Heart Bleed Bug - Indus Net Technologies

We've been helping companies grow for over a decade! Check our success stories

x
buzz
 
back

Gmail’s Encryption and the Heart Bleed Bug

April 30, 2014 by Mainak Biswas under Digital Marketing Marketing198 views
Share with your friends










Submit

Last month, Google announced that it has begun to encrypt Gmail messages in order to provide an extra layer of security. The idea was to keep content on Gmail protected from both criminal and government snooping. Encryption was already made available as an option in 2010 but right now, you cannot turn it off even if you wanted to.

Google explicitly states that no one can read or listen to your messages as they are sent back and forth from Gmail’s servers. This rule holds good whether you are using a public Wi-Fi or you are using your own computer at home. 100% of the message that you send is encrypted internally so that they remain safe even when they are moved internally between Google’s centers. The announcement from Google also makes a reference to Edward Snowden’s revelations in a very subtle manner “last summer’s revelations”.

What about the Heart Bleed bug that has affected websites?

Google’s decision was a step in the right direction, especially, when recent news reports have begun to flow that the Heart Bleed bug is out there, affecting millions of websites on the Internet. The Heart Bleed bug attacks the OpenSSL software, which encrypts data so that no one can snoop on you. Hackers can easily exploit certain flaws within OpenSSL encryption and steal credit card numbers, personal details and other sensitive information.

You might think that changing your password will protect you but it only does so much. If the server on which your information is located has not updated their software to ensure that the Heart Bleed bug is taken care of, it really doesn’t matter whether you change it or not. Gmail and other tech bigwigs have already updated their software to protect you against the Heart Bleed bug. What is worse is, any site that uses the OpenSSL encryption can be compromised and until they fix the patch, there is very little that you can do about it.

Tip #1:
However, to begin with, you can change your Gmail password along with those for your Facebook, Twitter, Yahoo, Amazon and Tumblr accounts.

Tip #2:
In whichever website you have saved your credit card information, you should change passwords on them as there is absolutely no way to know which websites have been affected.

Current status of Google’s encryption and the Heart Bleed bug

As of now, Gmail looks like it is protected and the fact that they made the effort to encrypt all our messages last month is an indication that tech companies are taking security seriously. On the other hand, it also exposes the vulnerability of cyber security, which constantly needs to be monitored and there is no way to make sure that we will always be safe. A heightened sense of vigilance will help us to make sure that our information is not compromised. If more companies begin to follow Google’s example to encrypt all data, risks will certainly reduce to a large extent.

Is there anything else that you can do to keep yourself safe?

She probably made a pop-culture reference but we cannot ignore the dry humor in Ellen DeGeneres tweet:

“I keep getting emails to change my passwords. I’m not falling for it. I’m sticking with “Portia123” thank you very much.”

We cannot stress enough on the importance of making your passwords complex and difficult to crack. There are still people who use their birthdays, father’s names and other easily identifiable information as their passwords. It is very easy to hack these accounts and there is no one to blame except the user who refused to make his or her website’s password difficult. Try and make your passwords long and always include letters in upper and lower cases, numbers and special characters.

Tumblr, which recently sent an email advising its users to change their passwords not only on its website but elsewhere too, had this to say:

“You should also strongly consider enabling two-factor authentication. It’ll go a long way to ensure that no one besides you can access your account. Thanks, and take care”.

Try to safeguard yourself online from potential threats by changing passwords and making them complex; and also be thankful that Google was one of the first tech companies to encrypt e-mails. After the Heart Bleed bug saga, encryption, complex passwords and two-factor authentication have become all the more important.

Share with your friends










Submit