Nice work
"They also showed how the auto-suggestion features in Google, Yahoo!, and Bing can leak the search terms users enter, even when traffic is encrypted over WPA. That's because the resulting packets are easy to identify by their 'web flow vectors.' [...] The most obvious solution is to 'pad' responses with superfluous data that confuses attackers trying to make sense of the traffic."
Um, no. The most obvious solution is to stop auto-suggesting, at least from the server end. You could presumably continue to auto-suggest on the client, so the end-user might not even notice that the facility had disappeared. Even if they did, it's hardly the end of the world to have to type stuff out in full.
Still, this is an unexpected leak, at least to me and probably also to the people who wrote these applications. Just as well independent security research isn't illegal, eh?