+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 24
IT News Thread, Google to Offer Encrypted Search This Week in Other News; You may want to start blocking http s ://google.com/ before the students (and teachers) start using it to evade your ...
  1. #1


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,758
    Thank Post
    221
    Thanked 2,630 Times in 1,938 Posts
    Rep Power
    779

    Google to Offer Encrypted Search This Week

    You may want to start blocking https://google.com/ before the students (and teachers) start using it to evade your proxy server(s).

    Source: http://www.wired.com/threatlevel/201...rypted-search/

    Google will begin letting users run encrypted searches on its flagship search site Google.com starting next week, the company said in a blog post Thursday.

    Allowing users to search using https - the web security system which many associate with online banking and shopping — would mark a first for a major search engine, and could begin a move by web services such as social networks to begin offering encryption for more than just log-ins. Such increased adoption would cut down on network eavesdropping and also have the added benefit of preventing some online attacks.
    Google turned on encryption — better known as https:// — as a default for Gmail users earlier this year. That encrypts the data sent between a user’s browser and Google’s servers, making it nearly impossible for someone in the middle to read the contents of that e-mail. When not using SSL, a user of a school or corporate network can have their e-mail and web traffic content read by authorities who control the network, while anyone using an open Wi-Fi connection can have their traffic sniffed by a hacker using simple tools.

  2. #2

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    Handily, I'm pretty sure the RM SmartCache doesn't have the ability to differentiate between HTTP and HTTPS. If it does have such a setting, I can't find it.

    At least they won't be able to get through to the actual results, since those will still be via HTTP; Google is only presenting it's own pages via HTTPS, not proxying the sites it finds, unless I'm mistaken. That said, anyone know if the cache servers will also be HTTPS?

  3. #3


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,758
    Thank Post
    221
    Thanked 2,630 Times in 1,938 Posts
    Rep Power
    779
    The SmartCache is pretty rubbish when it comes to HTTPS. The way I understand it is that once a user signs into the encrypted Google search engine (or any SSL website for that matter) it would be impossible to block things like search terms because nothing after https://google.com/ would be shown. In the case of the SmartCache I don't think it logs any HTTPS URLs. This is one of the reasons we are looking at alternative proxies like SmoothWall.

    Unless you add exceptions like the ones listed below it would also mean things such as Google Calendar would be filtered too. I know my headteacher uses this so he wouldn't be too happy if I blocked https://google.*/*.

    Code:
    docs.google.*/*
    groups.google.*/*
    knol.google.*/*
    mail.google.com/*
    sites.google.*/*
    spreadsheets.google.*/*
    google.*/bookmarks/*
    google.*/calendar/*
    google.*/contacts
    google.*/dictionary*
    google.*/finance*
    google.*/history/*
    google.*/notebook/*
    google.*/reader/*
    google.*/voice/*
    google.*/webmasters/tools/*

    Quote Originally Posted by AngryTechnician View Post
    Google is only presenting it's own pages via HTTPS, not proxying the sites it finds.
    That's true. It will be interesting to see if they do the Cache URLs too.

  4. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,511
    Thank Post
    1,493
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    I would expect my lovely Smoothwall to be able to not suffer with this as it unencrypts the SSL traffic to analyse it Go Smoothwall

  5. #5

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by john View Post
    I would expect my lovely Smoothwall to be able to not suffer with this as it unencrypts the SSL traffic to analyse it Go Smoothwall
    Out of technical curiosity, how does that work in Smoothwall? Do they use CA subversion or some other mysterious method?

  6. #6

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,511
    Thank Post
    1,493
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    Its wizardy, but it works I put a CA from the Smoothwall on all my clients (using GPOs) and when users who are set to have SSL intercepted hit SSL sites it shows secured by Smoothwall and not by, say Amazon or Barclays, they are secure though! I don't want you thinking that it stops the SSL bit, it is secure just it reads the data to stop SSL proxy sites as now a days genuine SSL certificates are Ł20 a go so its not that expensive to put real ones on that are valid.

    As for a more techy explanation the Smoothwall guys on here are probably best to explain it rather than me as all I know is it works and stops the kids getting onto proxies (I don't SSL filter my staff just students)

  7. #7

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    I'm just laughing at the whole concept.

    Google preventing "man-in-the-middle" eavesdropping.

    THEY ARE the "men-in-the-middle"!

    Si

  8. #8

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by john View Post
    I put a CA from the Smoothwall on all my clients (using GPOs) and when users who are set to have SSL intercepted hit SSL sites it shows secured by Smoothwall
    OK, that's exactly how I thought it would work, thanks.

  9. #9
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104
    About time that encrypted searches were offered. I would be happier if the default for everything was https.

    <pulls down foil hat even tighter>

  10. #10


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,629
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Quote Originally Posted by ICT_GUY View Post
    About time that encrypted searches were offered. I would be happier if the default for everything was https.

    <pulls down foil hat even tighter>
    Yeah, cause .gov wouldn't require ISPs to do MITM attacks would they? "As part of your Broadband setup, just run this handy utility to configure your network settings." < -- Boom, cert installed.

  11. #11
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,349
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Quote Originally Posted by AngryTechnician View Post
    Handily, I'm pretty sure the RM SmartCache doesn't have the ability to differentiate between HTTP and HTTPS. If it does have such a setting, I can't find it.

    At least they won't be able to get through to the actual results, since those will still be via HTTP; Google is only presenting it's own pages via HTTPS, not proxying the sites it finds, unless I'm mistaken. That said, anyone know if the cache servers will also be HTTPS?

    The RM Smartcache cant see any search strings in a HTTPS site. They even did an update recently becuase it didn't show any HTTPS sites at all.

    You cannot create a deny rule for https://google.com on the smartcache as it would come out as http://https://google.com I would think. I can only think of changing the host file maybe?

  12. #12
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,485
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Quote Originally Posted by AngryTechnician View Post
    At least they won't be able to get through to the actual results, since those will still be via HTTP; Google is only presenting it's own pages via HTTPS, not proxying the sites it finds, unless I'm mistaken. That said, anyone know if the cache servers will also be HTTPS?
    That was my understanding too - it will permit them to hide what they're searching for, but not hide their activity thereafter. IE8's InPrivate Browsing (by default, enabled on RM's config of it), on the other hand...

  13. #13

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by enjay View Post
    IE8's InPrivate Browsing (by default, enabled on RM's config of it), on the other hand...
    InPrivate only stops history being stored on the browser. The traffic still has to go through your proxy, and will still be picked up by central filtering and logging systems.

  14. #14
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,349
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    It will be very interesting how this pans out for filtering, as we will be totally stuck if they implement this as all we can do is block addresses such as google.com not specific variants eg google.com:443

    If the results are delivered in plain text, it would be pointless as a lot of the time the search query is obvious from the web address. I expect that if the whole site is HTTPS then parts such as the 'cached' section could prove interesting as could the ability to remove the safesearch filters!

  15. #15

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    About time that encrypted searches were offered. I would be happier if the default for everything was https.
    And what information are YOU searching for then?
    Si

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Google Search
    By karldenton in forum EduGeek Joomla 1.5 Package
    Replies: 0
    Last Post: 30th April 2009, 04:26 PM
  2. Google to offer phone services
    By tech_guy in forum General Chat
    Replies: 2
    Last Post: 12th March 2009, 02:55 PM
  3. Google Search
    By Quackers in forum Web Development
    Replies: 26
    Last Post: 9th February 2009, 09:08 AM
  4. Get a 2 week timetable into Outlook/Google Calendar etc
    By NotSoFast in forum Web Development
    Replies: 15
    Last Post: 27th August 2008, 04:59 PM
  5. BSkyB, Google to offer version of YouTube site
    By russdev in forum General Chat
    Replies: 0
    Last Post: 7th December 2006, 11:37 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •