Bing is fine, insecure as ever, but fine

Summary: No, Bing isn't malfunctioning. Google isn't playing games with it. Bing's working just fine, the same way it always has ... without security support.

On April 19th, there was a small flood of stories that Bing, Microsoft's Web search site, or Akamai, its content delivery network (CDN), was having security problems. Actually, both Bing and Akamai were — and are — running perfectly normally. It's just that Bing has never supported secure connections, and for years, if you attempted to connect to Bing securely, you'd get this "error" message.

This is not a Bing error. This error message is what you get when you try to force a web browser using a CDN to give you a secure connection when the site doesn't support such connections. (Image: Screenshot by Steven J Vaughan-Nichols/ZDNet)

To understand what's really happening, you need to know that whenever you try to make a Secure Sockets Layer (SSL)/Hypertext Transfer Protocol Secure (HTTPS) connection to any site that doesn't support such connections, you're going to get an HTTPS error message. Below is an example of a typical error message.

This is a typical error message when you try to force a secure connection to a site that doesn't support them and also doesn't use a CDN. (Image: Screenshot by Steven J Vaughan-Nichols/ZDNet)

Of course, that's not the error message you're seeing from Bing. That's because Bing is using the Akamai CDN. A CDN is designed to speed up traffic to popular websites by mirroring those sites on its global network of servers. Thus, when you first "connect" to Bing or other Akamai-supported sites, such as the White House, you're almost certainly connecting to a nearby — in terms of network traffic — Akamai server instead.

Akamai supports HTTPS connections, but only if the host site supports them. Otherwise, the link along the security chain from the Akamai network to the core website is broken, and the connection wouldn't truly be secure. In this situation, Akamai presents a different error message — the one you'll see now if you try to reach Bing or The White House using an unsupported HTTPS connection.
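
The two situations described above can be told apart from a script rather than from a browser warning. The following is an added example, not part of the original article: it classifies an HTTPS attempt as "nothing answering", "untrusted chain", or "valid certificate issued for other names". It assumes a CDN edge answers with a certificate for its own hostnames; every hostname and certificate here is a constructed placeholder.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS subjectAltName entries from an ssl.getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or one wildcard standing for the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def fetch_cert(host, port=443, timeout=5.0):
    """Live probe: validate the chain but leave the hostname check to us."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # verify_mode stays CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def classify_https(host, probe=fetch_cert):
    """Return (status, certificate_names) for an HTTPS attempt to host."""
    try:
        cert = probe(host)
    except ssl.SSLCertVerificationError:
        return "untrusted-chain", []
    except ssl.SSLError:
        return "tls-handshake-failed", []
    except OSError:                     # refused, timed out, unreachable
        return "no-tls-listener", []
    names = cert_dns_names(cert)
    if any(name_matches(n, host) for n in names):
        return "ok", names
    return "name-mismatch", names       # trusted cert, but for someone else

# Constructed sample data: hypothetical names, not captured certificates.
CDN_EDGE_CERT = {"subjectAltName": (("DNS", "edge.cdn.example"),
                                    ("DNS", "*.cdn.example"))}
SITE_CERT = {"subjectAltName": (("DNS", "search.example"),
                                ("DNS", "*.search.example"))}

def refused(_host):
    """Constructed probe for a site with nothing listening on port 443."""
    raise ConnectionRefusedError("constructed: connection refused")
```

A `name-mismatch` result with names belonging to a CDN means the edge answered on port 443 but the site behind it has not been set up for HTTPS, which is a configuration gap rather than an outage.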

Officially, neither Akamai nor Microsoft has any comment, but really, everything is fine with Bing. Microsoft did not let its security certificate for Bing expire the way it did for its Azure cloud service in February. You see, Microsoft has never had an SSL certificate for Bing in the first place.

This is also not the first — nor I'm sure will it be the last — time that someone reports a site is broken because of this problem. All that's really happening is that a normally invisible part of the internet infrastructure, the CDN, is appearing because someone is trying to force a secure connection to a site that doesn't support it.

That said, major websites should support Transport Layer Security (TLS), SSL, and HTTPS. Without this layer of security, anytime you use an open Wi-Fi connection or other open network, the potential exists for crackers, using tools such as FireSheep and its "network packet sniffer for dummies" descendants, to watch your web browsing activities.

Since FireSheep showed up in 2010, more and more sites — including Twitter, Google, and Facebook — have all enabled secure connections. It's well past time Microsoft started supporting basic security on Bing as well.

Topics: Networking, Browser, Microsoft, Security, Web development

Talkback

103 comments
  • Of course Google is more secure

    W/ Google's direct line to send your privacy data to CIA / NSA / DHS / FBI, I'm sure there's plenty security when those guys are reading your private emails.
    LBiege
    • You can always use DuckDuckGo instead

      Supports HTTPS connections by default and has a policy of not tracking users.
      John L. Ries
    • Fri April 19th: SJVN jumps yet another shark.

      You should be wondering instead how many megawatts googles burned through letting the tragically geek enter their moronic search queries that nobody cares about over https.
      Johnny Vegas
      • Re: enter their moronic search queries

        Truly spoken like someone who appreciates the importance of web search to the modern Internet user.

        Have they put in one of those "series of tubes" to your house yet?
        ldo17
        • I do appreciate the importance of to the modern internet user who by the

          way doesn't need them to be done over https. Sally searching for salad recipes and Brenda for beauty cream and Carl for car parts. No one cares what you're searching for unless you're trying to build a bomb.
          Johnny Vegas
          • More data charges

            My mobile data provider informed me there are extra charges for secure sites, so I'm glad my search provider (Bing) doesn't use it. SJVN must be running out of anti-MS diatribe ;-)
            Tony_McS
          • Huh? Don't use https with google when you don't need it

            Google supports both http and https. It doesn't mean your search is safe, because the terms of your search are used for targeted advertising. At least some statistic can be collected based on what advertisements are insecurely shown back to you.

            Bing on the other hand doesn't support https, but you still get charged more because it sends the pretty pictures and other data unrelated to your search down to your connection.
            Earthling2
          • Re: Don't use https with google when you don't need it

            Then how do you know you're talking to Google?
            ldo17
          • What about?

            What if, for instance you were into African buttplug movies. You downloaded a few. Then a rape happens down the street. Your history could be used against you just in that way. I don't want the police knocking on my door at dinner time asking why I like African buttplug movies. Think about that.
            Dustin Bowman
      • I nearly died laughing

        Resident Troll SJVN breaks a record. Must be a slow day at the office, or his world must be crumbling since Microsoft isn't really affected by the decline of the PC. Now he comes up with this bullshit. Must be so important to have a secure connection to the Google Overlords while they collect all your personal data. Such a crud.
        Dreyer Smit
        • He isn't making anything up

          Bing doesn't support HTTPS.

          And it's important, it's a security measure.
          Michael Alan Goff
          • yeah for 0.0001% of users 0.0001% of the time

            get real
            Johnny Vegas
          • you apparently deserve it

            Don't use https, ever. It only complicates things for your Microsoft Gods. See, they can't even get simple certificates renewed.

            The rest of the Internet users think otherwise.
            danbi
          • Wait a second...

            So, who here is logged into https://www.zdnet.com?

            I rest my case... Good Night, Dick.
            TechNickle
          • It's a nice add on..

            No one uses HTTPS for google, maybe .001%. If no one is using it, how is it more secure? I agree with FBS, who is logged into znet with a secure connection?
            Rann Xeroxx
          • So, who here is logged into https://www.zdnet.com?

            if you are logged on to " https://www.zdnet.com" then you are logged on with a 'False Positive' -

            Run Forest Run!
            Mujibahr
          • Agreed

            I think you're the only person that's highlighted the importance of Bing's market share.
            tjbp
  • Your posts are boring , rubbish as ever but still nothing like a good troll

    Your posts are boring , rubbish as ever, but still nothing like a good troll

    nuff' said
    5735guy
    • Well, why do you read in the first place?

      Ah, cause you are trolling.
      nuff' said
      kirovs
      • Nothing like a cheap snipe at anything Microsoft by the Linux fanbois

        Yeah I guess you must be a Linux fanbois as well
        5735guy