SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,220
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)

    Bing Webmaster Tools security problem?

    I've been using Google and Yahoo! Webmaster tools for a while, but after learning that Yahoo! is planning to close their service, I thought I'd sign up to Bing as well. I jumped through the hoops and set up a "Windows Live ID" in order to set up a Webmaster account, but when I try to sign in my browser warns me:
    "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

    Are you sure you want to continue sending this information?"

    Well, actually, no I don't. I had three sites hacked, apparently through using unencrypted log-in and FTP, and now I'm paranoid about these things. Am I over-reacting?

    Sorry if this is the wrong place to post.

  2. #2
    SitePoint Enthusiast
    Join Date
    Jun 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am also facing the same since 2 months.

  3. #3
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,220
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)
    Perhaps I wasn't very clear in my original post as to just what I'm asking.

    If I log in to Bing Webmaster tools over an unencrypted connection, then my details may be intercepted, giving a third party access to my account. OK, so the details of any web sites I've added may not be that sensitive, but they can also access my own details - and Windows Live ID asks for information such as gender, year of birth, location, that other services don't require. In addition, they helpfully tell me that I can use the same ID to access Hotmail, MSN Messenger, X-Box Live, etc. I don't use any of these services, but if I did, I can use my log-in over an unencrypted connection to Webmaster Tools, and some bad guy gets free access to all my accounts, my e-mail, my messages, my personal details etc. Surely that's a cracker's dream?

    But why would a huge company like Microsoft do something so stupid? Surely I must be missing something here, or have misunderstood how these things work? Bottom line: who's losing their marbles - me or Microsoft?

  4. #4
    SitePoint Guru bronze trophy TheRaptor's Avatar
    Join Date
    Jul 2011
    Location
    New York
    Posts
    710
    Mentioned
    40 Post(s)
    Tagged
    0 Thread(s)
    This message is served when a form is sent from an encrypted page (https) to an unencrypted page (http). It's a problem with the website, not the browser. You can email microsoft and complain, but its not that big of a security threat.

  5. #5
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,220
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)
    Quote Originally Posted by TheRaptor View Post
    It's a problem with the website, not the browser.
    Thanks, but I knew that already.
    Quote Originally Posted by TheRaptor View Post
    its not that big of a security threat.
    Really? Then why does anyone bother with encrypted log-ins? Yahoo! and Google Webmaster tools both use them, among many others.

  6. #6
    SitePoint Guru bronze trophy TheRaptor's Avatar
    Join Date
    Jul 2011
    Location
    New York
    Posts
    710
    Mentioned
    40 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TechnoBear View Post
    Really? Then why does anyone bother with encrypted log-ins? Yahoo! and Google Webmaster tools both use them, among many others.
    Let me rephrase that: The login is encrypted but when the data is sent and it goes through the ISP, the SSL encryption is dropped to send the data over to the Email provider. What is the url you are using to get to Live?

  7. #7
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    login.live.com is encrypted there is nothing to worry about there. What might be happening is when the page redirects to a none secure page, but your login details are not passed to the insecure page. There is no security issue here.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  8. #8
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,220
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)
    Quote Originally Posted by TheRaptor View Post
    What is the url you are using to get to Live?
    Webmaster Tools - Bing Clicking on the Webmaster Tools Sign In button takes me to an https page, where I can enter my Windows Live ID. Submitting the log-in details is what produces the warning message.

  9. #9
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,220
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)
    Quote Originally Posted by durginchandler22 View Post
    Bing Webmaster tools over an unencrypted connection, The details of any web sites they had added may not be that sensitive, but they can also access their details and Windows Live ID needs for info. Their details may be intercepted, giving a third party access to their account.
    Precisely the point I was trying to make.
    Quote Originally Posted by TheRaptor View Post
    Let me rephrase that: The login is encrypted but when the data is sent and it goes through the ISP, the SSL encryption is dropped to send the data over to the Email provider.
    Please could you explain what this has to do with my e-mail provider? Surely my e-mail address is only being used as a log-in username at this point? It's not a Hotmail address.

  10. #10
    SitePoint Guru bronze trophy TheRaptor's Avatar
    Join Date
    Jul 2011
    Location
    New York
    Posts
    710
    Mentioned
    40 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TechnoBear View Post
    Please could you explain what this has to do with my e-mail provider? Surely my e-mail address is only being used as a log-in username at this point? It's not a Hotmail address.
    Put simply: The login info you entered is encrypted but it is sent to an unencrypted page. It's sending data from HTTPS to HTTP. This is how microsoft has chosen to operate the site.

    I would ask a question though, why not stay with Google Webmaster Tools? Why would you need Bing?

  11. #11
    SitePoint Enthusiast zelthost's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    37
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  12. #12
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,220
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)
    zelthost - Thanks for the link.
    Quote Originally Posted by TheRaptor View Post
    Put simply: The login info you entered is encrypted but it is sent to an unencrypted page. It's sending data from HTTPS to HTTP. This is how microsoft has chosen to operate the site.
    Thank you.
    Quote Originally Posted by TheRaptor View Post
    I would ask a question though, why not stay with Google Webmaster Tools? Why would you need Bing?
    As I mentioned in my original post, I also use Yahoo! Webmaster tools, which I understand are being withdrawn, and I thought I would try the Bing version. Also, my sites often seem to do less well on Bing than on Yahoo! or Google, so I thought the Bing Webmaster tools might help me understand what's happening.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •