9/18/2014
01:06 PM

Google Backs New Effort To Simplify Security

New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.

Google today announced its support for a newly formed organization called Simply Secure that hopes to eliminate the nagging tradeoff of complexity for security and privacy that plagues Internet users.

While there are plenty of tools available today for securing users' content, communications, and online activity, they are often too hard for users to use or implement correctly, Google's Meredith Whittaker, open research lead, and Ben Laurie, senior staff engineer, wrote in a blog post today:

They introduce extra steps or are simply confusing and cumbersome. (“Is this a software bug, or am I doing something wrong?”) However elegant and intelligent the underlying technology (and much of it is truly miraculous), the results are in: if people can’t use it easily, many of them won’t. We believe that people shouldn’t have to make a trade-off between security and ease of use. This is why we’re happy to support Simply Secure, a new organization dedicated to improving the usability and safety of open-source tools that help people secure their online lives.

Simply Secure plans to work with open-source teams, designers, and researchers to determine how to make these security tools easy to use. Among the efforts they say they plan to collaborate with are Open Whisper Systems, The Guardian Project, and Off-the-Record Messaging, "to make them easier to understand and use," the Google team says.

"We feel that plenty of tools are being built already, we just want to help make them better," Ben Laurie, Google senior staff engineer, said in an email exchange.

Laurie says the organization will look at how to best integrate design and user testing in open source software development and provide information on how to do just that.

"We have not absolutely nailed down the first projects, but it is likely they will be in the messaging area, particularly IM since the real-time and one-to-one nature of that environment makes it more tractable for early experiments," Laurie says.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Kelly Jackson Higgins,
User Rank: Strategist
9/19/2014 | 10:13:31 AM
Re: How do we simplify security?
It took several hours for me to upgrade to iOS 8...ugh.
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:48:21 AM
Re: How do we simplify security?
Yes to your point about new iOS 8 security features. That is, assuming current iPhone users can get through the update process, which requires a ton of storage (5.8 GB). Moral of the story, is anything ever really simple in consumer tech any more?
Kelly Jackson Higgins,
User Rank: Strategist
9/19/2014 | 7:27:59 AM
Re: How do we simplify security?
Maybe they will adopt the Apple model of keeping it simple yet functional ... I guess the new iOS security features will be a good test for that.
Charlie Babcock,
User Rank: Ninja
9/18/2014 | 9:36:19 PM
How do we simplify security?
Hopefully, security can be simplified. I'm curious whether the project will try to apply security from some new vantage point or simply coordinate the use of more tools.
Robert McDougal,
User Rank: Ninja
9/18/2014 | 3:33:56 PM
Re: Hard to argue against the concept...
Ha! You are so right! Sometimes it feels like we are stuck in an infinite loop. Solution to vulnerability -> Solution implemented -> Vulnerability found in solution. Rinse and repeat.
Kelly Jackson Higgins,
User Rank: Strategist
9/18/2014 | 3:30:24 PM
Re: Hard to argue against the concept...
The interesting point here is that there are some good tools out there for users to secure their stuff. That's good news. But the tools just aren't user-friendly enough, so regular (non-tech security) users give up on them or don't even know they exist. Mainstreaming this stuff would be a big step.
Dr.T,
User Rank: Ninja
9/18/2014 | 3:24:05 PM
Re: Hard to argue against the concept...
I agree, Google would be one of the mandatory players in this effort. It should be an industry-wide effort to succeed.
Dr.T,
User Rank: Ninja
9/18/2014 | 3:22:28 PM
Re: Hard to argue against the concept...
I know and I agree. The only problem we will face is that the next day somebody will find a vulnerability in it and we are back to square one.
Dr.T,
User Rank: Ninja
9/18/2014 | 3:20:38 PM
Simple, secure and easy to use
If we can simplify security that puts security concerns out of our minds that would be the ultimate situation I want to be in. Today, we either do not care until we get hit, or get bogged down and lock everything down which leaves end users frustrated.
Robert McDougal,
User Rank: Ninja
9/18/2014 | 2:48:30 PM
Re: Hard to argue against the concept...
The holy grail of security, ease of use and high certainty of security, I wish them the best of luck. I have a feeling that at some point in the near future someone will come up with a foolproof product that works well and stays out of the user's way and the rest of us will be smacking our foreheads saying "Dang, I should have thought of that".