Over the past year or so, Google has been using its significant influence over the Internet to encourage adoption of HTTPS, which allows Web communication over an encrypted channel. The latest such move by the company involves serving the majority of its ads over HTTPS connections which, while offering better protection against hijacking attacks and encouraging website owners to enable encryption, does make things a bit more difficult for security researchers.
Google plans to serve most of its ads over encrypted HTTPS connections by the end of June, a move that will protect against some ad hijacking attacks and will encourage website owners to enable encryption on their Web properties. However, malicious advertising attacks that direct users to Web-based exploits will still be possible and, because of the new encryption, it will actually be harder for security researchers to pinpoint their source. Last year, Google announced that it will give more weight to HTTPS-enabled websites in search rankings in order to encourage the adoption of encryption across the Web. HTTPS (HTTP Secure) allows Web communication over a channel encrypted with the TLS (Transport Layer Security) protocol. One of its main benefits is that it prevents the traffic from being read or modified by someone in a position to intercept it—hackers in control of a router or prowling inside an insecure wireless network, rogue ISP employees, or a government agency spying on the Internet backbone.