If you try to force HTTPS, Bing strips the SSL. In light of the dangers exposed from Firesheep, Microsoft is looking into SSL and other security and privacy solutions for future releases of Bing.
No one wants another person to take over their account and impersonate them - or worse. HTTP session hijacking is nowhere close to a new vulnerability, but with the introduction of the Firefox addon, Firesheep, people who have never hacked, are trying the free and easy-to-use tool. After installation, a person can connect to an open Wi-Fi network, see which users on that network are on insecure social sites, and then double-click on that user to capture their cookie and be logged in as them. Four days and nearly 400,000 downloads later, it's time to see insecure websites get serious about protecting their users' privacy and security with full end-to-end encryption.
On the second day after Firesheep was released, Firesheep was the second suggestion on Bing when you typed "fire". With Bing on the brain, I went to bing.com and tried to add S to HTTP. The below screenshot is what happens - an invalid security certificate pops up. [Screenshot]
After poking around on Twitter, I saw that other people had tried it as well.
When I asked Microsoft if it intended to encrypt its connection so that HTTPS worked with Bing, a spokesperson said, "The security and privacy of our customers is very important to us at Bing. We are looking at SSL and other technologies for future releases of Bing."
Windows Live, live.com, is also listed among the sites that can be sniffed and hijacked with Firesheep. Errata Security's Robert Graham blogged, "The presentation on FireSheep has the really cool graphic above, showing an elephant in the room. That's what sidejacking is: how long will providers like HotMail (MSN Live) and Yahoo continue not to provide encryption for their e-mail products. Seriously, if you still use the free versions of HotMail or Yahoo Mail, you are an idiot."
Related Post : How to protect against Firesheep attacks