yon Leveron blog

John's musings on the Interknot cowpath

Google adds searching over SSL

Posted by John on 28th May 2010

SSL Google Search

SSL Search

With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.

To use search over SSL, visit https://www.google.com each time you perform a search. Note that only Google web search is available over SSL, so other search products like Google Images and Google Maps are not currently available over SSL. When you’re searching over SSL, these properties may not appear in the left panel.

What is SSL?

SSL (Secure Sockets Layer) is a protocol that helps provide secure Internet communications for services like web browsing, e-mail, instant messaging, and other data transfers. When you search over SSL, your search queries and search traffic are encrypted so they can’t be read by any intermediary party such as employers and internet service providers (ISPs).

What can I expect from search over SSL?

Here’s how searching over SSL is different from regular Google search:

  • SSL encrypts the communication channel between Google and a searcher’s computer. When search traffic is encrypted, it can’t be read by third parties trying to access the connection between a searcher’s computer and Google’s servers. Note that the SSL protocol does have some limitations — more details are below.
  • As another layer of privacy, SSL search turns off a browser’s referrers. Web browsers typically turn off referrers when going from HTTPS to HTTP mode to provide extra privacy. By clicking on a search result that takes you to an HTTP site, you could disable any customizations that the website provides based on the referrer information.
  • At this time, search over SSL is supported only on Google web search. We will continue to work to support other products like Images and Maps. All features that are not supported have been removed from the left panel and the row of links at the top. You’ll continue to see integrated results like images and maps, and clicking those results will take you out of encrypted search mode.
  • Your Google experience using SSL search might be slightly slower than you’re used to because your computer needs to first establish a secure connection with Google.

Note that SSL search does not reduce the data that Google receives and logs when you search, or change the listing of these terms in your Web History.

Does SSL provide complete security?

While SSL helps prevent intermediary parties, such as ISPs, from knowing the exact search that you typed, they could still know which websites you visit once you click on the search results. For example, when you search over SSL for [ flowers ], Google encrypts the query “flowers” and the results that Google returns. But when you click on a search result, including results like images and maps, you could be exiting the encrypted mode if the destination link is not on https://.

If your computer is infected with malware or a keylogger, a third party might still be able to see the queries that you typed. We recommend that everyone learns how to prevent and remove malware.

Remember that only Google web search supports search over SSL, so searching Google Images, for example, will not be encrypted.

Technical discussion of SSL protocol-level limitations

While SSL is a clear privacy and security benefit, we are aware of some technical limitations to SSL at the protocol level that are not specific to Google’s implementation:

  • A determined, skilled malicious party could potentially interpose himself into the network traffic and present a spoofed certificate to the user. In many cases, this will result in a certificate warning to the user. If you see a certificate warning, the protection may not hold.
  • An adversary with the ability to install root certificates on the machine could potentially interpose himself into the network traffic without any warnings appearing.
  • A highly capable source may be in a position to sign certificates with a standard, pre-installed certificate authority (CA), which again would allow intercept without any apparent warnings to the user.
  • Even if all web searching occurs over SSL, a passive traffic listener may still be able to observe DNS look-ups.

How can I confirm whether I’m on a secure connection?

Check to see that the URL you’re on starts with https:// instead of http://. Most browsers provide a visual confirmation (such as an icon of a lock) in the address bar or in the status bar at the bottom of the page. On Google SSL search, you’ll also see a special Google SSL logo with a lock icon. In addition to this logo, be sure to also check the https:// text in the address bar and any browser lock icons.

When you perform a search on https://www.google.com, you might see a warning if a page has some non-secure components: depending on your browser settings, you might see the lock icon turn into a warning sign, a pop-up message, or some other form of alert. This issue is often referred to as a “mixed mode error.”

Since this is a beta feature, there might be some rare cases in search over SSL that generate a mixed mode error. We’re working to prevent such errors, and you can help if you report any errors through our Help Forum.

(full original text at http://www.google.com/support/websearch/bin/answer.py?answer=173733&hl=en )

—————-
Now playing: UK Subs – C.I.D.
via FoxyTunes

Posted in General | No Comments »

some new intel 32nm chips to support hardware AES acceleration

Posted by John on 3rd February 2010

(this next bit can affect everything from certain web transactions, to VoIP, to full disk encryption . . .)

AES-NI Performance Analyzed; Limited To 32nm Core i5 CPUs

2:00 AM – 02/02/2010 by Patrick Schmid and Achim Roos

Security is an important topic these days. However, it’s typically only recognized as important by professionals. If security were to suddenly turn into a mainstream selling point, though, then perhaps it’d make more sense for companies like Intel to promote it.

The Advanced Encryption Standard (AES) has already been adopted by the United States government—including the NSA—along with many other institutions. Intel’s 32nm Clarkdale-based CPUs (only the Core i5-600-series, so far) now promise significant performance benefits for AES encryption and decryption via new instructions. Today we’re looking at the real-world benefits of Intel’s AES-NI functionality, comparing a dual-core Core i5-661 with AES New Instructions (AES-NI) to a quad-core Core i7-870, which lacks the new encryption acceleration capability.

Encryption is used much more intensively than you might suspect. Consider Internet sites that hold your sensitive personal information, or utilize sensitive data for transactions. They all use protocols like Transport Layer Security (TLS) or Secure Sockets Layer (SSL). VoIP, instant messaging, and email may also be protected with these protocols. Virtual Private Networks (VPNs) and electronic payments are other popular encryption applications.

However, TLS and SSL are cryptographic protocols for secure communication, while AES is a general-purpose encryption standard. It can be used to encrypt individual files, data containers, archive files, entire drives (including thumb drives), and even multi-drive volumes. AES can be implemented in software, and there are products based on hardware acceleration as well, since encryption/decryption represent a rather significant workload. Solutions like TrueCrypt or Microsoft’s BitLocker, which is part of Windows Vista and Windows 7 Ultimate, are capable of encrypting entire partitions on the fly.

(for the rest of the first page, and all the other pages, hit up Tom’s)

—————-
Now playing: Men At Work – Crazy
via FoxyTunes

Posted in Security - Crypto, Tech | No Comments »

SkyDrive Explorer

Posted by John on 12th December 2009

Although not nearly so full featured as Gladinet, not bad for a single-use type scenario . . .


What is SkyDrive Explorer

SkyDrive Explorer is a free, easy-to-use, but very powerful extension for Windows Explorer. With SkyDrive Explorer you can perform everyday operations on your documents in the Microsoft Live SkyDrive™ service using Windows Explorer, as if they were on your computer.

Moreover you don’t need to install and configure any additional programs or ActiveX components. SkyDrive Explorer will organize the interaction with the online storage itself.

Features

Multifunctional

With the current 1.4 version you can enjoy the following functionality:

  • View the structure and contents of folders in SkyDrive™;
  • View files information (type, size, creation date in GMT format);
  • Create new root folders and subfolders;
  • Copy files into the storage;
  • Delete files and folders;
  • Copy files from the storage to the computer;
  • Copy folders and subfolders from the storage to the computer keeping their structure;
  • Use Drag & Drop for files operations;
  • Rename files and folders;
  • Create links to SkyDrive™ folders on your computer;
  • Copy URL of the selected object(s) to the Clipboard;
  • Automatic check for the latest version;
  • Bidirectional languages support;
  • Selection of your preferred interface language.

Fast

Performance

SkyDrive Explorer allows applying some operations to a group of objects, which is not possible in a web browser. This increases the performance of work with SkyDrive™.

Examples of multi-operations are:

  • Renaming objects;
  • Deleting a group of objects;
  • Copying folders with subfolders and files from SkyDrive™.

Easy

You don’t need to know how to work with the SkyDrive™ service in a web browser. To work efficiently with your data in SkyDrive Explorer, you just use basic operations with files and folders in Windows Explorer.

Secure

SkyDrive Explorer uses the standard Microsoft library for working with Windows Live ID services. Your personal information does not leave this library and is not even passed to the SkyDrive Explorer engine. Also, the traffic with the online storage goes over the HTTPS protocol, which protects data from snoopers.

Cross-platform

32/64 bit OS support

SkyDrive Explorer works both in 32- and 64-bit Microsoft® Windows OS. Minimal required OS is Windows XP, and SkyDrive Explorer will successfully work in Windows Vista, Windows Server 2003 and 2008, and Windows 7.

—————-
Now playing: Grateful Dead – Good Lovin’
via FoxyTunes



Posted in Tech | No Comments »

SSL Certificate Tester – Let us test / check your web site certificate

Posted by John on 15th August 2009

Techie alert – sometimes it is helpful to see how your web site’s SSL certificate looks from other folks / outside.  These tools may help.

SSL Checker – SSL Certificate Verify.

SSL Certificate Tester – Check Certificates.

SSL Certificate Checker – CodeFromThe70s.org

I did not include gimped tools from the Thawte / Verisign company, as they only check their own certs.

These tests are done over the ‘net so may not be suitable for internal / LAN type sites.  But they also don’t require anyone to have tech knowledge, or make you use an openssl binary to connect manually from the command line.  Nor do they require you to bug anyone, asking if they can browse to it successfully, heh.  By all means, as always if you have a good link for other resources, just comment and I’ll add it.

J.

P.S.  For simple encryption without needing to verify anything but domain ownership, it’s pretty hard to beat GoDaddy.  If you are interested in cheap, non business class, I’d recommend you scout out any of the $12.99 per year promo discount codes for them; they were already significantly cheaper than most other folks at $30 per year, but $13 is better.  Yep.  A company I dealt with last month paid on the order of $200 per cert, in bulk prepaid lots no less (!) for effectively the same cert from one of the original vendors.  That’s just not necessary in 2009 folks.

Forward looking folks : Check the https website cert that the entire WordPress.Com site is running on.  It’s a Standard SSL Wildcard, and it costs them under $200 per year to secure thousands of subdomains such as https://datasecurityclass.wordpress.com/2009/03/30/ihors-ssl-topic/ WordPress corporate (not .org, .com) felt it was fine to go with the Standard, and I agree.

It’s not so much that it costs less per year than the “Deluxe” SSL Wildcard, but if you check, the Deluxe has a max 3 year lifespan; their cert is good for 5 years total.  In essence, they got 5 years of SSL capability (trusted by that same 99.3% of browsers as other folks tout) for actually tens of thousands of sites, for $900 or less.  I get no commission from GoDaddy, but I think there’s a reason they’re beating the heck out of the rest of the industry in new SSL cert issuance.


In EV land, 2 years is the max, and there is no wildcard option due to tighter security requirements (as well as simple business sense, ahem).  EV makes great sense if you’re taking credit card orders on a screen; that should hopefully only be one website.
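What the online testers listed above report, and why a single wildcard certificate can cover many subdomains, as an added example (not this blog's or any vendor's code). `SAMPLE_CERT` is constructed in the dict shape that Python's `getpeercert()` returns, the function names are assumptions, and `fetch_cert` needs network access, so the offline checks use the sample instead.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample: a 5-year wildcard certificate for a placeholder domain.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
    "notBefore": "Aug 15 00:00:00 2009 GMT",
    "notAfter": "Aug 15 00:00:00 2014 GMT",
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}


def fetch_cert(host, port=443, timeout=10):
    """Connect as a browser would; raises ssl.SSLError if the chain or name is bad."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def name_matches(pattern, host):
    """A '*' covers exactly one leftmost label, never the bare domain or deeper names."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_cert(cert, host, now):
    """Summarise the points a certificate tester shows for one hostname."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "covers_host": any(name_matches(n, host) for n in names),
        "wildcard": any(n.startswith("*.") for n in names),
        "days_left": (expires - now).days,
    }
```

For a live site, pass the result of `fetch_cert("your.host.example")` to `check_cert` with `datetime.now(timezone.utc)`.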

Posted in Security - Crypto | No Comments »

Web hosting companies

Posted by John on 14th August 2009

There are a lot of options out there when you’re about to choose a web host.

On the low end, where I live (for my personal sites, at least!) nearly all are “oversold”. If they weren’t, you really would not like the pricing. A related example : shop around, check with any internet pipe provider, and ask them what a guaranteed, non-shared pipe the size of your home broadband would cost per month. Be prepared for some sticker shock.

Green Web Hosting! This site hosted by DreamHost. Low cost and good for many users, i.e. casual – this is where I plug my current personal web host.

A step up in price, and potentially performance : Grid model http://mediatemple.net/webhosting/gs/

As soon as I find some good comparison article out there, I’ll no doubt link it.  So far in 10 months’ time, I’ve been pretty happy at DreamHost, with multiple users and domains all in that same < $10 per month package.

DH does offer free web hosting for non-profit groups, which I think is nice of them.  Additionally, GoDaddy offers SSL certs for free to open source projects. They’re who I bought the plain-but-functional SSL cert for this domain through (you’ll notice that you are on a secure site, if you register with this blog; during login, etc. you will be on ‘secure’ pages).

General disclaimer : pretty much any link to any sales site, web hosts included, gives the referrer (your blogger, in this case) some form of payout just for bringing you to their door.  A yup, I admitted it.

Random additional “General” blog topic : http://blogs.law.harvard.edu/philg/2009/08/07/cash-for-clunkers/ was pretty interesting. I’m definitely not driving my 13 year old vehicle much these days.

Posted in General, Tech | No Comments »