Google Beefs Up Security for Its Searchers

Google adds SSL security coverage to searches by logged-in members.

SSL. You use it when you do online banking. You use it at some online shopping sites. And now you can use it to protect yourself when you do Google searches.

SSL is used to secure information travelling between points on the Internet. That's done with encryption, which ensures that if someone intercepts your data while it's in transit --like a username or password-- it will just be gibberish.

While SSL has been around for awhile, it's only recently that its adoption has been stepped up, with the likes of Facebook, Twitter , Hotmail and, of course, Google incorporating the protocol into its offerings.

Google added SSL to Gmail in January 2010. It now has expanded its SSL coverage to searches conducted by logged-in members or for those who go directly to a secure search page (you can tell it's secure by the "S" after the http and/or the lock showing in the page's URL).

What SSL Does for You

Performing secure searches will prevent Internet snoops from snatching your search queries and search results when they're returned to you. Why should you care if your search results are intercepted by a third party? Those results can be used to create a profile of you. That profile can then be used to market products to you or even to design flim-flam schemes to con sensitive information from you.

Using SSL search will also cut down on the information you'll be giving to websites you visit from your search results. The company explained in its blog that a website will still know a query came from Google, but that the site won't receive information about individual queries.

Advertisers, though, will be unaffected by the new scheme. "If you choose to click on an ad appearing on our search results page, your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you," Google Product Manager Evelyn Kao wrote in the blog.

"We hope that today's move to increase the privacy and security of your Web searches is only the next step in a broader industry effort to employ SSL encryption more widely and effectively," she added.

While SSL is a good step toward making the Web more secure, it's by no means a panacea. "Man in the Middle" attacks have been designed to thwart it, for example. One such attack will reroute your SSL traffic to an insecure site by changing its hypertext protocol from https to http.

Another method hacks the SSL server so it responds to an SSL request from your browser with a redirect message. That shifts your browser to an insecure site where the hacker can do dirty deeds to your data.

The growing popularity of SSL may be inducing hackers to take a more insidious route to undermine it. A spate of sorties has been reported in recent times against the entities that issue the digital certificates at the core of the SSL system. By breaking into those bodies and issuing certificates that allow hackers to masquerade as such sites as Google, Yahoo and other high profile locations, miscreants can fool any browser into thinking its communicating with a secure site when it's actually not.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

Copyright © 2011 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline