Bing is fine, insecure as ever, but fine

No, Bing isn't malfunctioning. Google isn't playing games with it. Bing's working just fine, the same way it always has ... without security support.

On April 19th, there was a small flood of stories that Bing, Microsoft's Web search site, or Akamai, its content delivery network (CDN) was having security problems. Actually, both Bing and Akamai were — and are — running perfectly normally. It's just that Bing has never supported secure connections and for years, if you attempted to connect to Bing  securely, you'd get this "error" message.

This is not a Bing error. This error message is what you get when you try to force a web browser using a CDN to give you a secure connection when the site doesn't support such connections. Image: Screenshot by Steven J Vaughan-Nichols/ZDNet

To understand what's really happening, you need to know that whenever you try to connect to any site that doesn't support Secure-Socket Layer (SSL)/Hypertext Transfer Protocol Secure (HTTPS) connections, you're going to get an HTTPS error message. Below is an example of a typical error message.

This is a typical error message when you try to force a secure connection to a site that doesn't support them and also doesn't use a CDN. Image: Screenshot by Steven J Vaughan-Nichols/ZDNet

Of course, that's not the error message you're seeing from Bing. That's because Bing is using the Akamai CDN. A CDN is designed to speed up traffic to popular web sites by mirroring these sites on their global network of servers. Thus, when you first "connect" to Bing or other Akamai-supported sites, such as the White House, chances are you're almost certainly connecting to a near-by — in terms of network traffic — Akamai server instead.

Akamai supports HTTPS connections, but only if the host site supports it. Otherwise, the link along the security chain from the Akamai network to the core website is broken, and the connection wouldn't truly be secure. In this situation, Akamai presents a different error message — the one you'll see now if you try to reach Bing or The White House using an unsupported HTTPS connection.

Officially, neither Akamai nor Microsoft has any comment, but really, everything is fine with Bing. Microsoft did not let its security certificate for Bing expire the way it did its Azure cloud service in February. You see. Microsoft has never had a SSL certificate for Bing in the first place.

This is also not the first — nor I'm sure will it be the last — time that someone reports a site is broken because of this problem. All that's really happening is that a normally invisible part of the internet infrastructure, the CDN, is appearing because someone is trying to force a secure connection to a site that doesn't support it.

That said, major websites should support Transport Layer Security (TLS), SSL, and HTTPS. Without this layer of security, anytime you use an open wi-fi connection or other open network, the potential exists for crackers, using tools such as FireSheep and its network packet sniffer for dummies descendants, to watch your web browsing activities.

Since FireSheep showed up in 2010, more and more sites — including Twitter, Google, and Facebook — have all enabled secure connections. It's well past time Microsoft started supporting basic security on Bing as well.

Related Stories: