Google betas SSL for web searches

According to this H article, Google is beginning to beta a new feature that provides SSL for its standard web search service. As one commenter noted, Google is still collecting the same information from your searches, but SSL will limit third parties from eavesdropping on your search queries. Remember that SSL doesn’t guarantee absolute privacy: there’s Moxie Marlinspike’s work, the chance of CA intermediaries, and your employer loading its own trusted CAs onto your corporate devices.

SSL Strip

There’s a nice tool that will perform SSL man-in-the-middle attacks. In layman’s terms, this means that when the tool is run on a gateway it will create a clear text HTTP stream on the network (that you can sniff) when someone creates an HTTPS session. For example, someone logs into Gmail via HTTPS and there will be an HTTP clear text mirror of that session, which you can sniff via Wireshark.

Check it out here: www.thoughtcrime.org/software/sslstrip/
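
From the defender's side, the clear text HTTP stream described above is itself the signal to look for. The following is an added example, not part of the original post or of sslstrip: it scans gateway connection records for plain-HTTP requests to hosts that should only ever be reached over HTTPS. The record format, the host list and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hosts that are expected to be reached over HTTPS only (assumed list).
HTTPS_ONLY_HOSTS = {"mail.google.com", "accounts.google.com"}

# Constructed sample records: time, client IP, destination port, host, method, path.
# For port 443 the method and path are encrypted, so the sensor records "-".
SAMPLE_LOG = """\
10:01:02 192.168.1.20 443 mail.google.com - -
10:01:09 192.168.1.31 80 example.com GET /index.html
10:02:15 192.168.1.31 80 Mail.Google.com GET /mail/
10:02:40 192.168.1.31 80 accounts.google.com POST /login
not a log line
"""

def find_cleartext_sessions(log_text, https_only=HTTPS_ONLY_HOSTS):
    """Return {client_ip: [finding, ...]} for port-80 requests to HTTPS-only hosts."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[2].isdigit():
            continue  # skip malformed records
        ts, client, port, host, method, path = fields
        host = host.lower().rstrip(".")  # hostnames are case-insensitive
        if int(port) == 80 and host in https_only:
            # A POST in cleartext may carry credentials, so rank it higher.
            severity = "high" if method == "POST" else "medium"
            findings[client].append({
                "time": ts, "host": host, "method": method,
                "path": path, "severity": severity,
            })
    return dict(findings)

if __name__ == "__main__":
    for client, items in find_cleartext_sessions(SAMPLE_LOG).items():
        for f in items:
            print(client, f["severity"], f["time"], f["method"], f["host"], f["path"])
```

A hit means a client on the network is speaking cleartext HTTP to a service that should be HTTPS-only, which is worth investigating whatever the cause.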