Google looks to kill man in the middle attacks

Chromium updates will address man in the middle attacks, Google announces.

Chrome

Google Chrome researchers have announced Chromium updates to tackle man in the middle attacks, focusing on "mixed scripting" vulnerabilities.

These vulnerabilities occur when a page served over HTTPS loads a script, CSS or plug-in resource over HTTP.

"A man-in-the-middle attacker (such as someone on the same wireless network) can typically intercept the HTTP resource load and gain full access to the website loading the resource. It's often as bad as if the web page hadn't used HTTPS at all," read a blog post from Chris Evans and Tom Sepez - members of the Google Chrome Security Team.

They announced blocking mixed scripting conditions by default would be trialled in the first Chromium 14 canary release, meaning it could appear in the Google Chrome browser in future releases.

An infobar showing when a script is being blocked will also be added.

"As a user, you can choose to reload the website without the block applied. Ideally, in the longer term, the infobar will not have the option for the user to bypass it," the Google researchers said.

"Our experience shows that some subset of users will attempt to click through' even the scariest of warnings - despite the hazards that can follow."

Tracking your identity

In another security play, Google introduced a new tool on Wednesday to help users monitor their identity on the internet.

Called Me on the Web,' the feature can be found within Google Dashboard beneath the account details link.

Me on the Web offers recommendations of notifications for mentions of users' names or email addresses in websites and news stories.

"Me on the Web also provides links to resources offering information on how to control what third-party information is posted about you on the web," said Andreas Tuerk, Google product manager, in a blog post.

"These include common tips like reaching out to the webmaster of a site to ask for the content to be taken down, or publishing additional information on your own to help make less relevant websites appear farther down in search results."

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Asus Chromebook CX9 (CX9400CE) review: The most stylish Chromebook on the market
Laptops

Asus Chromebook CX9 (CX9400CE) review: The most stylish Chromebook on the market

18 Jan 2022
Google banned from importing patent-infringing tech following Sonos IP victory
Policy & legislation

Google banned from importing patent-infringing tech following Sonos IP victory

7 Jan 2022
Google, Facebook fined €210 million for making it difficult for users to reject cookies
Policy & legislation

Google, Facebook fined €210 million for making it difficult for users to reject cookies

6 Jan 2022
Google is working with leading PC manufacturers to improve Android on Windows
Google Android

Google is working with leading PC manufacturers to improve Android on Windows

6 Jan 2022

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022