Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/18/2014
01:06 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Google Backs New Effort To Simplify Security

New organization Simply Secure aims to promote and shape more user-friendly security and privacy technologies on the Internet.

Google today announced its support for a newly formed organization called Simply Secure that hopes to eliminate the nagging security and privacy tradeoff of complexity that plague Internet users.

While there are plenty of tools available today for securing users' content, communications, and online activity, they are often too hard for users to use or implement correctly, Google's Meredith Whittacker, open research lead, and Ben Laurie, senior staff engineer, wrote in a blog post today:

They introduce extra steps or are simply confusing and cumbersome. (“Is this a software bug, or am I doing something wrong?”) However elegant and intelligent the underlying technology (and much of it is truly miraculous), the results are in: if people can’t use it easily, many of them won’t. We believe that people shouldn’t have to make a trade-off between security and ease of use. This is why we’re happy to support Simply Secure, a new organization dedicated to improving the usability and safety of open-source tools that help people secure their online lives.

Simply Secure plans to work with open-source teams, designers, and researchers to determine how to make these security tools easy to use. Among the efforts they say they plan to collaborate with are Open Whisper Systems, The Guardian Project, and Off-the-Record Messaging, "to make them easier to understand and use," the Google team says.

"We feel that plenty of tools are being built already, we just want to help make them better," Ben Laurie, Google senior staff engineer, said in an email exchange.

Laurie says the organization will look at how to best integrate design and user testing in open source software development and provide information on how to do just that.

"We have not absolutely nailed down the first projects, but it is likely they will be in the messaging area, particularly IM since the real-time and one-to-one nature of that environment makes it more tractable for early experiments," Laurie says.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/19/2014 | 10:13:31 AM
Re: How do we simplify security?
It took several hours for me to upgrade to iOS 8...ugh.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:48:21 AM
Re: How do we simplify security?
Yes to your point about new iOS 8 security features. That is, assuming current iphone users can get through the update process, which requires a ton of storage (5.8 GB).  Moral of the story, is anything ever really simple in consumer tech any more?  
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/19/2014 | 7:27:59 AM
Re: How do we simplify security?
Maybe they will adopt the Apple model of keeping it simple yet functinoal ... I guess the new iOS security features will be a good test for that.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
9/18/2014 | 9:36:19 PM
How do we simplify security?
Hopefully, security can be simplfied. I'm curious whether the project will try to apply security from some new vantage point or simply coordinate the use of more tools.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/18/2014 | 3:33:56 PM
Re: Hard to argue against the concept...
Ha!  You are so right!  Sometimes it feels like we are stuck in a infinite loop.  Solution to vulnerability -> Solution implemented -> Vulnerability found in solution.  Rinse and repeat.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/18/2014 | 3:30:24 PM
Re: Hard to argue against the concept...
The interesting point here is that there are some good tools out there for users to secure their stuff. That's good news. But the tools just aren't user-friendly enough, so regular (non-tech security) users give up on them or don't even know they exist. Mainstreaming this stuff would be a big step.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/18/2014 | 3:24:05 PM
Re: Hard to argue against the concept...
I agree, Google would be one of the mandatory players in this effort. It should be an industry wide effort to succeed.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/18/2014 | 3:22:28 PM
Re: Hard to argue against the concept...
I know and I agree. The only problem we will face is that the next day somebody will find a vulnerability in it and we are back to square one.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/18/2014 | 3:20:38 PM
Simple, secure and easy to use
If we can simplify security that puts security concerns out of our minds they would be the ultimate situation I want to be in. Today, we either do not care until we get hit, or get bug down and lock everything down which leaves end users frustrated.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/18/2014 | 2:48:30 PM
Re: Hard to argue against the concept...
The holy grail of security, ease of use and high certainity of security, I wish them the best of luck.  I have a feeling that at some point in the near future someone will come up with a fool proof product that works well and stays out of the users way and the rest of us will be smacking our foreheads saying "Dang, I should have thought of that".
Page 1 / 2   >   >>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer,  5/28/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13817
PUBLISHED: 2020-06-04
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attac...
CVE-2020-13818
PUBLISHED: 2020-06-04
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
CVE-2020-6640
PUBLISHED: 2020-06-04
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
CVE-2020-9292
PUBLISHED: 2020-06-04
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
CVE-2019-16150
PUBLISHED: 2020-06-04
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded ...