Microsoft Increases Security of Outlook Hotmail Connector

Microsoft has recently boosted the security of a certain tool that allows Outlook users to send and receive messages via Microsoft's web-based Hotmail service. The new Outlook Hotmail Connector now supports HTTPS, a protocol which encrypts all traffic between the email client and the Windows Live Hotmail service.

Back in November of 2010, Microsoft added an all-HTTPS option to Hotmail, due in part as a reaction to Firesheep, a Firefox add-on released the month before which allowed anybody to scan an unsecured WiFi network and hijack other people's access to Facebook, Twitter and a whole bunch of other websites.

The update to the Outlook Hotmail Connector that was released this week is simply a follow-up to Microsoft's move back in 2010. According to Microsoft's Outlook team, "Using a connection with HTTPS helps you be even more confident that your account is safer from hijackers, and that your private information remains private."

This new tool encrypts communication between Outlook and the Windows Live email, calendar and contact services. Google's Gmail beat out Hotmail to the HTTPS by more than a few years. Gmail users have had this option of encrypting all Gmail traffic since 2008. However, in mid-January of 2010 Google enabled HTTPS by default on the same day it accused hackers from China of breaking into its systems and trying to access the Gmail accounts of human rights activists who lived in the country at the time.

In addition to this, Microsoft has also updated the consumer-grade Windows Live Mail to support HTTPS as well. Unlike its Outlook Express predecessor, which just so happened to be bundled with Windows XP, Windows Live Mail is an optional download for Windows Vista and Windows 7. Outlook Hotmail Connector can be downloaded in 32-bit or 64-bit versions for Outlook 2003, 2007 and 2010 on Windows. There is no similar tool for outlook 2011, which was included with Office for Mac 2011.

The Windows Live Essentials update, which includes the HTTPS-enabled Windows Live Mail, is available here or on Microsoft's download website as well.

Source: Computer World - Microsoft beefs up Outlook-to-Hotmail security

A Tech Travel Agent can get a laptop rental to you within 24 business hours in over 1000 cities worldwide. Call 800-736-8772


We have 3987 Installers, Technicians and Engineers stationed in nearly 1000 locations worldwide to serve you.

Read More

Adobe Flash potentially puts most computers and users at risk

According to researchers there is a flaw within Flash that allows hackers to launch silent attacks on websites and users. Adobe hasn't tried to hide the fact that it is true and has suggested that its up to site designers to make sure they design their sites in such a way to prevent the attacks.

"The magnitude of this is huge," said Mike Murray, the chief information security officer at Orlando, Fla.-based Foreground Security. "Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this."

The problem lies in the Flash ActionScript same-origin policy which is designed to limit a Flash object's access to other content only from the domain it originated from, added Mike Bailey, a senior security researcher at Foreground. Unfortunately, said Bailey, if an attacker can deposit a malicious Flash object on a Web site -- through its user-generated content capabilities, which typically allow people to upload files to the site or service -- they can execute malicious scripts in the context of that domain.

"This is a frighteningly bad thing," Bailey said. "How many Web sites allow users to upload files of some sort? How many of those sites serve files back to users from the same domain as the rest of the application? Nearly every one of them is vulnerable."

The problem is that Adobe and security companies are trying to get the word out, but web application designers and programmers aren't listening. A few of the major sites that have actually locked down their servers to protect their users include Microsoft's Windows Live Hotmail and Google's YouTube, but sites like Google's Gmail and even some Adobe sites, still remain vulnerable. The researchers say the likelihood of an attack on Gmail is still very small, its also a very real possibility.

The only current defense users can employ against such attacks is to stop using Flash, or failing that, restrict its use to sites known to be safe with tools such as the NoScript add-on for Mozilla's Firefox, or ToggleFlash for Microsoft's Internet Explorer.

"The best mitigation is to not use Flash," argued Murray, "but we know that that's impossible for most users, since Flash is so widely used on the Web."

"Almost everyone using the Internet is vulnerable to a Web site that allows content to be updated inappropriately," said Murray. "That's not hyperbole, it's just fact. This has the potential to affect any social media site, any career site, any dating site, many retail sites and many cloud applications. That's why this attack is so serious. End users would never know they got exploited."

The best suggestion would be to get the news out about the vulnerability and hope that Adobe gets a patch to fix the problem before the slight flaw turns into a major headache for everyone.

Read More