Since this morning Google has been defaulting to Google SSL when using IE9, but not on Chrome, I really wonder why... 
-
-
Dr Herbie
Horses for courses
Perhaps they are assuming that all IE9 users are searching for p0rn and don't want hackers to know?
Herbie
-
I am assuming they don't want bing to know
-
magicalclick
remember the flow
How is that gonna be different? https only protects from man-in-the-middle attacks. If the hacker corrupted the client machine, which is a typical case, then, anything on the screen can be read and altered.
-
What do you mean by "Google"? Search? I can't reproduce that. Google did mention recently that all Google APIs would enforce SSL, but which browser you use should have no effect on that.
-
CKurt
while( ( !succeed=try() ) ) { }
I've noticed it to a few weeks ago. I hate the https interface, no more quick links to switch to image search or mapping.
-
-
Strange. I really can't repro. Going directly to http://www.google.com works. Searching on that page doesn't change to https. Using the IE9 search bar (what ever the new name of the combo bar is) with Google as the provider searches Google using http not https. So, it's not likely an IE thing, but what would cause it to behave that way for you is the question. I assume a redirect on the part of Google, but why?
-
@wkempf: I confirm I cannot repro on another computer either, but I can on my own. Strange.
By the way, is what Magicaclick says right, that even with https the Bing bar or Suggested sites could "see" google searches?
-
They can see the URI requested and the results sent back, yes. Any browser plugin has this capability.
-
@wkempf: What is the point then of https searches? Is it very likely that someone will spy on my searches?
P.S. back on my work machine, my IE is still defaulting to https and I can't see the image search button...
-
https only encrypts over the wire. So, yes, the point is to prevent someone from watching your search traffic as it goes over the wire. As for if there's a need to encrypt searches... well, I guess that would depend on what you're searching for, though it seems dubious to me.
-
TommyCarlier
Widen your gaze
SSL also protects your cookies. If you're logged on with your Google-account, it will be more difficult for hackers to hijack your session if everything happens over SSL. And if a hacker hijacks your session, he has complete access to your Google-account, your e-mails, your contacts, Google Docs, ...
-
2 hours ago, TommyCarlier wrote
SSL also protects your cookies. If you're logged on with your Google-account, it will be more difficult for hackers to hijack your session if everything happens over SSL. And if a hacker hijacks your session, he has complete access to your Google-account, your e-mails, your contacts, Google Docs, ...
That makes much more sense, in fact with my e-mail account I think you could pretty much take ownership of anything I own, inlcuding my bank account
-
magicalclick
remember the flow
12 hours ago, giovanni wrote
@wkempf: What is the point then of https searches? Is it very likely that someone will spy on my searches?
P.S. back on my work machine, my IE is still defaulting to https and I can't see the image search button...
It protects you from Man-in-the-middle attacks. Just read wiki about what it is.
Or in easy sense, you send a note across the classroom, and only you and that girl can read it, but, no one else. Even if the teacher caught it and trying to read it, the teacher will only see gibberish. And the teacher cannot pretend to be you and send hate letter to your girl.
This does not protects you if someone hacked into your brain and looking at what you are doing. Meaning, this does not protects you from Charles Xavier in x-man.
-
blowdart
Peek-a-boo
5 hours ago, magicalclick wrote
It protects you from Man-in-the-middle attacks. Just read wiki about what it is.
Mostly. However in certain scenarios, where a trusted certificate can be placed in middle you're not protected. Now whilst this is unlikely there are certain trusted root CAs that may be susceptible to government pressure, which in turn could issue a fake certificate for a site, and make MTIM possible, even over HTTPS
-
There are some *fascinating* attacks that can be made on google searches when you turn off SSL. I recently watched a video where some researchers were able to figure out what you were searching for. On a WiFi network. *WITHOUT* joining the network.
-
ScanIAm
Edgar Allen Potato.
@Larry Osterman: That's hardly impressive. I'd just guess p*rn and be right like 80% of the time.
Thread Closed
This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.