funsec mailing list archives
GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 27 Nov 2014 22:33:06 -0500
http://www.theregister.co.uk/2014/11/20/gotcha_google_caught_stripping_ssl_search_from_bt_wifi_users_searches/ Google's "encryption everywhere" claim has been undermined by Mountain View stripping secure search functions for BT WiFi subscribers piggy-backing off wireless connections, sysadmin Alex Forbes has found. The move described as 'privacy seppuku' by Forbes (@al4) meant that BT customer searches were broadcast in clear text and possibly open to interception. Customers were told that the network, rather than the Chocolate Factory, "has turned off SSL search", a statement Forbes proved to be false. Google engineer and security bod Adam Langley in a forum comment confirmed the SSL strip and said it would be removed 'soon'. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches Jeffrey Walton (Nov 27)
- Re: GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches Reed Loden (Nov 28)