funsec mailing list archives
Re: GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches
From: Reed Loden <reed () reedloden com>
Date: Fri, 28 Nov 2014 03:57:29 -0800
This is the poorest researched article I've seen in a while.
From what I can best tell, Google isn't "forcing" this upon the users. BT
has likely chosen to use Google's 'nosslsearch' functionality in order to provide some type of filtered search or force safe search functionality (which is backed up by what agl says). If this is indeed just 'nosslsearch' (which it likely is), this isn't Google doing anything wrong at all. BT has made changes using a very old Google method to force Google searches to use that VIP. In any case, Google announced back in October that they are removing the 'nosslsearch' option in early December anyway... http://googleonlinesecurity.blogspot.com/2014/10/an-update-to-safesearch-options-for.html Check the facts, folks. ~reed On Thu, Nov 27, 2014 at 7:33 PM, Jeffrey Walton <noloader () gmail com> wrote:
http://www.theregister.co.uk/2014/11/20/gotcha_google_caught_stripping_ssl_search_from_bt_wifi_users_searches/ Google's "encryption everywhere" claim has been undermined by Mountain View stripping secure search functions for BT WiFi subscribers piggy-backing off wireless connections, sysadmin Alex Forbes has found. The move described as 'privacy seppuku' by Forbes (@al4) meant that BT customer searches were broadcast in clear text and possibly open to interception. Customers were told that the network, rather than the Chocolate Factory, "has turned off SSL search", a statement Forbes proved to be false. Google engineer and security bod Adam Langley in a forum comment confirmed the SSL strip and said it would be removed 'soon'. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches Jeffrey Walton (Nov 27)
- Re: GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches Reed Loden (Nov 28)