Google and Mozilla decide to ban Chinese certificate authority CNNIC from Chrome and Firefox

/in /by

Google and Mozilla have announced that their browsers will stop trusting all digital certificates issued by the China Internet Network Information Center (CNNIC), China’s main digital certificate authority. The decision follows last week’s news from Google, which said on March 20 it discovered unauthorized digital certificates for several of its domains. Google found that the certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that CNNIC allowed to operate.

On April 1, Google updated its blog post with the following statement:

As a result of a joint investigation of the events surrounding this incident by Google and CNNIC, we have decided that the CNNIC Root and EV CAs will no longer be recognized in Google products. This will take effect in a future Chrome update. To assist customers affected by this decision, for a limited time we will allow CNNIC’s existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist.

While neither we nor CNNIC believe any further unauthorized digital certificates have been issued, nor do we believe the misissued certificates were used outside the limited scope of MCS Holdings’ test network, CNNIC will be working to prevent any future incidents. CNNIC will implement Certificate Transparency for all of their certificates prior to any request for reinclusion. We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.

In other words, Chrome users will get security warnings for new sites authenticated by CNNIC, particularly those that require entering login information. Some pages, such as those involving monetary transactions, will simply stop working (any bank or commerce site worth its salt will not allow money to move without proper security).

Google does not say when exactly this change will go into effect (the company typically specifies a Chrome version number for security changes and updates). It likely wants to give affected website operators time to switch to a different certificate authority.

CNNIC responded on April 2 (today) with the following:

1. The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users’ rights and interests into full consideration.

2. For the users that CNNIC has already issued the certificates to, we guarantee that your lawful rights and interests will not be affected.

It’s not clear whether CNNIC plans to do something specific in regards to the second point. The firm is likely still weighing its options.

Mozilla followed in Google’s footsteps today:

After reviewing the circumstances and a robust discussion on our public mailing list, we have concluded that CNNIC’s behaviour in issuing an unconstrained intermediate certificate to a company with no documented PKI practices and with no oversight of how the private key was stored or controlled was an ‘egregious practice’ as per Mozilla’s CA Certificate Enforcement Policy. Therefore, after public discussion and consideration of the scope and impact of a range of options, we have decided to update our code so that Mozilla products will no longer trust any certificate issued by CNNIC’s roots with a notBefore date on or after 1st April 2015.

The notBefore date that will be checked is inserted into the certificate by CNNIC. We will therefore be asking CNNIC for a comprehensive list of their currently-valid certificates, and publishing it. After the list has been provided, if a certificate not on the list, with a notBefore date before 1 April 2015, is detected on the public Internet by us or anyone else, we reserve the right to take further action.

Like Google, Mozilla is offering CNNIC the option to reapply for full inclusion. The restriction thus might be removed assuming CNNIC meets Google’s and Mozilla’s requirements.

If Chrome and Firefox were to stop recognizing all website certificates issued by CNNIC, the impact could be huge in China; millions of users would suddenly not be able to connect to various websites. Presumably, Google and Mozilla will wait a reasonable amount of time before flipping the switch, so website operators can ensure their sites will continue to work as expected.

SEARCH NEWS – SEPTEMBER 2013

/in /by

Sell SEO Make Money Search News is your monthly source to keep you up to date on the latest trends in search engine marketing. You’ll know about emerging trends in online marketing and we’ll explain how those trends can be put to use in your business.

The Cost of SEO Keeps Going Up. Here’s Why.

Article spinning, keyword stuffing, excessive bookmarks, paid links, thin content, duplicate content, excessive blog commenting, etc. were once widely regarded as acceptable SEO tactics. Now those tactics can land you in big trouble with Google. Thanks to Google Panda and Penguin, nothing about SEO is quick, easy or cheap.

Skilled SEO firms write purposeful articles, blog posts, press releases and interviews, produce creative videos and infographics and use other formats that include very specific information about a company. Not only will high quality SEO providers prepare with extensive research, they will take care to write inspired content and post it to suitable websites for publishing. Sure, Google demands quality content. But with the company name, location, names of company executives and so on featured in the content, businesses expect quality too!

The Social Media Advertising Scramble

After its IPO missteps, Facebook went all out to raise revenue with numerous advertising products. Though plenty of money has been made, particularly with mobile advertising, Facebook plans to simplify its advertising product based on feedback from marketers. The launch of Facebook video ads, scheduled for Fall 2013, is on hold due to concerns about user experience. At an estimated $1 million to $2.4 million per daily spot, we think it’s safe to say that Facebook will figure it out and start rolling those video ads before too long.

Instagram, acquired by Facebook in 2012 for $1 billion in cash and stock, plans to begin selling ads within the year. Earlier this month, Instagram announced that it now has over 150 million monthly active users, a 50% increase since February 2013.

Twitter has Promoted Tweets and is experimenting with Tailored Ads, an advertising product that is very similar to retargeting. This month, Twitter announced that it has acquired MoPub Inc. for about $350 million in stock. Many industry insiders believe Twitter is ramping up its advertising options in preparation for an IPO.

Google Goes In-Depth

Billions of internet searches happen every day, yet people do look to other sources for information and answers. Some people still consult the encyclopedia! In 2010, after 244 years, Encyclopedia Britannica went out of print, but encyclopedias live on in DVD format.

Encyclopedias and other information sources may have been just as handy as search engines when we were tied to desktops and laptops. Mobile devices have given search engines an advantage in terms of convenience and Google is now on a mission to have the answers for anything and everything a person could want to know,

Last year, Google conducted the Daily Information Needs Study to get some insight into what people want to know, but don’t search for. From the research, Google learned that about 10% of users’ daily information needs involve learning about a broad topic. With the recently released feature, In-Depth Articles, Google intends to deliver relevant, high quality content that will help the searcher explore a topic in-depth.

This article explains the steps that help Google find your content—maybe you’ll be rewarded for your high quality content with a spot in the in-depth search results block!

 

Start Selling Today. Please submit the form below and a Sell SEO Make Money team member will contact you!

[easy_contact_forms fid=3]

SEARCH NEWS – JULY 2013

/in /by

Sell SEO Make Money’s Search News is your monthly source to keep you up to date on the latest trends in search engine marketing. You’ll know about emerging trends in online marketing and we’ll explain how those trends can be put to use in your business.

A Spin on Local Search

Recently, Google introduced Carousel for local search results. Now, when you search for a local business like a hotel or restaurant, the results appear in an interactive carousel at the top of the page. Click on one of the results in the carousel and you’ll see the address, photos, overall review-based score and links to the actual reviews.

The obvious question–how can a local business earn a spot on the carousel? A well-managed Google+ page with updated content, attractive images and customer reviews is the critical first step. Claiming and managing other local listings and review sites is also important.

A click on the carousel result leads to a branded search, showing more results for the local business. A business that persistently takes charge of its web presence and reputation (with social media activity, blog posts, videos, infographics, press releases, customer reviews, etc.) is likely to draw more customers to its website and rack up more leads than a business that’s not doing much or any content marketing.

The basis of a solid SEO program is a diversified content marketing plan, with each piece of high quality, unique content posted on a distinct website. Recycled content doesn’t cut it!

Google’s Balloon Powered Internet Experiment

Instead of standing by waiting for internet service providers to tap the two-thirds of the population without internet access (see data, below*), Google is working toward servicing those areas with balloon powered internet. Essentially, ‘Project Loon’ works like this: balloons are moved around in the stratosphere and sent into a layer of wind that’s moving in the right direction, creating a large communications network to which people can connect via an antenna attached to their building. Not surprisingly, Project Loon was founded by MIT-trained scientist, Richard DeVaul.

Project Loon is currently being tested in New Zealand, with the long term goal of connecting people in remote areas, filling gaps in coverage and bringing people back online quickly after a disaster.

Sure, it sounds a little loony and it’s true that Google has been known to pull the occasional hoax, like Google Nose. But remember, this is a company that doesn’t shy away from the unconventional–Google is testing a self-driving car, has invested in a solar power plant, and introduced the world to Google Glass. Remember too that Google stands to profit with every new internet user. Of course Google would figure out a way to use wind driven balloons to bring more people online.

Read more about Google Loon.

Who’s Online Now?

*According to the most recent internet usage data published in June 2012 by Nielsen Online and reported by internetworldstats.com, internet service is available to about 34% of the world’s population. North America has the highest percentage of coverage; Africa, the lowest.
North America – 79%

  • Oceania/Australia – 68%
  • Europe – 63%
  • Latin America/Caribbean – 43%
  • Middle East – 40%
  • Asia – 28%
  • Africa – 16%

Total number of internet users worldwide, as of June 2012: 2,405,518,376.