The security director at Google Inc. said Monday that a HTTPS-based website is a safer way to protect users from possible security attacks, emphasizing that major South Korean search engines do not support this system.
"Top websites in (South) Korea that don't support HTTPS are Naver and Daum. It's not just a problem for (South) Korea but a challenge for the world and the developers," Parisa Tabriz, the head of the team who protects Google Chrome and its billions of users from criminal hackers, said during a security forum at Google's office in southern Seoul.
|
Parisa Tabriz, the head of the team who protects Google Chrome and its billions of users from criminal hackers, speaks during a security forum at Google's office in southern Seoul on Feb. 13, 2017. (Yonhap) |
Google began adding security warnings for websites that do not use strong encryptions beginning in 2017, putting a clear "Not secure" warning next to online websites that use unencrypted HTTP connections rather than encrypted HTTPS connections.
Tabriz said HTTP websites, which account for nearly half of the world's websites, are vulnerable to attacks that Google calls in security terms, "man in the middle."
"Encryption will give the security we need. HTTPS does not solve all security problems, but it provides a foundation for this," she said.
As to some complaints that Google's HTTPS policy may be expensive and time-consuming, the security expert said switching to HTTPS isn't easy but necessary.
"It is just a misconception that there is cost. It was true 10 years ago, but cost is no longer true for today," the Iranian-American hacker who protects Google said.
"Without the HTTPS, there is no privacy," she said, adding that HTTPS websites have steadily increased during the past one year with Google's effort. "We also published a transparency report."
As for general security, she advised Internet uses not to reuse or use the same password for different websites since hackers know this, and they will attack the weakest website to obtain personal data.
"Don't login on shared computers and verify your account security setting," she added.
After spending 10 years at Google as their self-appointed "Security Princess," she also served for the Barack Obama administration as a security expert. In 2012, Forbes magazine included her in their "top 30 people under 30 to watch in the technology industry." (Yonhap)