Google Chrome Will Mark FTP Resources As “Not Secure”

Google Chrome Will Mark FTP Resources As "Not Secure"

It seems like Google is making some serious changes in its products, especially Chrome browser to provide users a smooth experience and better security. Last week, the tech and search engine giant announced that  Chrome 63 browser update will come with a security feature that will alert users of ‘man in the middle’ attacks (MitM) while Chrome 64 will automatically block annoying autoplay videos.

Once again Chrome 63, due to be released in Dec 2017 is set to flag FTP resources. Mike West, a member of Chome security team announced that we’re planning to label resources delivered over the FTP (File Transfer Protocol (FTP) protocol as “Not secure.”

The reason for doing so is to increase online security and “accurately communicate the transport security status of a given page.” This means Google wants website admins and owners to move from HTTP to HTTPs. Remember in August, Google emailed warnings to webmasters that Chrome will mar HTTP pages with forms as ‘not secure.’

Screenshot: Google

“We didn’t include FTP in our original plan, but unfortunately, its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade). Given that FTP’s usage is hovering around 0.0026% of top-level navigations over the last month, and the real risk to users presented by non-secure transport, labeling it as such seems appropriate, explained Mike”

“Chris Palmer, another member of Chrome security team wrote that Because FTP usage is so low, we’ve thrown around the idea of removing FTP support entirely over the years. In addition to not being a secure transport, it’s also additional attack surface, and it currently runs in the browser process.”

The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network. It originally came into use back in the 80’s and is often secured with SSL/TLS (FTPS). SSH File Transfer Protocol (SFTP) is sometimes also used instead; it is technologically different.

“As for FTPS, I’m glad it exists, but if we were going to focus on getting server operators to migrate to a new protocol, we would focus (and are focusing) on HTTPS,” Palmer further explained.

Source: Google

Related Posts