I’ve been using Google and Yahoo! Webmaster tools for a while, but after learning that Yahoo! is planning to close their service, I thought I’d sign up to Bing as well. I jumped through the hoops and set up a “Windows Live ID” in order to set up a Webmaster account, but when I try to sign in my browser warns me:
[INDENT]"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?"
[/INDENT]
Well, actually, no I don’t. I had three sites hacked, apparently through using unencrypted log-in and FTP, and now I’m paranoid about these things. Am I over-reacting?
Perhaps I wasn’t very clear in my original post as to just what I’m asking.
If I log in to Bing Webmaster tools over an unencrypted connection, then my details may be intercepted, giving a third party access to my account. OK, so the details of any web sites I’ve added may not be that sensitive, but they can also access my own details - and Windows Live ID asks for information such as gender, year of birth, location, that other services don’t require. In addition, they helpfully tell me that I can use the same ID to access Hotmail, MSN Messenger, X-Box Live, etc. I don’t use any of these services, but if I did, I can use my log-in over an unencrypted connection to Webmaster Tools, and some bad guy gets free access to all my accounts, my e-mail, my messages, my personal details etc. Surely that’s a cracker’s dream?
But why would a huge company like Microsoft do something so stupid? Surely I must be missing something here, or have misunderstood how these things work? Bottom line: who’s losing their marbles - me or Microsoft?
This message is served when a form is sent from an encrypted page (https) to an unencrypted page (http). It’s a problem with the website, not the browser. You can email microsoft and complain, but its not that big of a security threat.
Let me rephrase that: The login is encrypted but when the data is sent and it goes through the ISP, the SSL encryption is dropped to send the data over to the Email provider. What is the url you are using to get to Live?
login.live.com is encrypted there is nothing to worry about there. What might be happening is when the page redirects to a none secure page, but your login details are not passed to the insecure page. There is no security issue here.
Webmaster Tools - Bing Clicking on the Webmaster Tools Sign In button takes me to an https page, where I can enter my Windows Live ID. Submitting the log-in details is what produces the warning message.
Please could you explain what this has to do with my e-mail provider? Surely my e-mail address is only being used as a log-in username at this point? It’s not a Hotmail address.
Put simply: The login info you entered is encrypted but it is sent to an unencrypted page. It’s sending data from HTTPS to HTTP. This is how microsoft has chosen to operate the site.
I would ask a question though, why not stay with Google Webmaster Tools? Why would you need Bing?
As I mentioned in my original post, I also use Yahoo! Webmaster tools, which I understand are being withdrawn, and I thought I would try the Bing version. Also, my sites often seem to do less well on Bing than on Yahoo! or Google, so I thought the Bing Webmaster tools might help me understand what’s happening.