Microsoft can't find the security issue in its Hotmail service?
March 26, 2011
Microsoft is placing the blame on a still unknown security flaw in its Hotmail email service for preventing access to the encrypted version of Hotmail, and the company is still denying that it deliberately blocked access to the service in Syria.
Violent protests erupted yesterday in Syria, with dozens of people killed in and around the city of Daraa and a boy slain in the coastal town of Latakia, reports said. "The situation in Syria has worsened considerably over the past week, with the use of live ammunition and tear gas by the authorities having resulted in a total of at least 37 people being killed in Daraa , including two children," said Rupert Colville, a spokesman for the U.N.'s Office of the High Commissioner for Human Rights.
On Friday afternoon, Microsoft said that Hotmail users who had already enabled the HTTPS version of Hotmail were still able to use it. Only users trying to turn on HTTPS for the first time in certain countries were being blocked, the software giant said.
People trying to connect were greeted with the message "Your Windows Live ID can't use HTTPS automatically because this feature isn't available for your account type."
Microsoft said it still doesn't know what caused the security issue, but it has been resolved and the company is investigating the cause. "We do not intentionally limit support by region or geography and this problem wasn't restricted to any specific country of the world. We apologize for any inconvenience to our customers that this may have caused," a Microsoft spokesperson said.
Microsoft added that users in the Bahamas, the Cayman Islands and in Fiji were also affected, basically repeating that the issue didn't just affect Syria but other countries as well.
Microsoft made HTTPS available for Hotmail inbox, calendar and contacts in November 2010. The security issue was first flagged by a Syrian user who posted a screen grab to TwitPic. That sparked concern across Twitter users that Microsoft had blocked HTTPS in Syria.
The user is a computer engineering student apparently based at the University of Jordan, in Amman. There were protests in the capital Damascus, as part of a nationwide call for change called "day of dignity".
Internet security researcher Christopher Soghoian suggested HTTPS was being blocked not just in Syria, but in Egypt and Libya as well. Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research in Washington D.C. said on Twitter that he'd set his Hotmail country to Egypt by default and that HTTPS had been prohibited. He then set his country to Israel and HTTPS by default was allowed. He tweeted "Hotmail HTTPS feature seems to depend on country set in preferences and not the IP you are connecting from."
Microsoft introduced HTTPS in Hotmail to protect user's log-ins, emails and other information from hackers and other unwanted scrutiny. Also, SkyDrive, Photos, Docs and Devices pages all started to use SSL encryption last November.
HTTPS wasn't extended to Outlook Hotmail Connector however, Windows Live Mail and Windows Live for Windows Mobile 6.5 and to Symbian phones, however.
Google's Gmail service loses over 150,000 accounts
A little over 150,000 Gmail users have been bracing themselves for the scary scenario of losing more than ten long years of email correspondance and storage during the past 36 hours. At around 3.00 PM ET Sunday, Google began investigating reports of some email issues with its service.
A few hours later, Google confirmed that a little over 150,000 of its Gmail users were experiencing service disruptions of one kind or another.
Google says that less than 0.09 percent of its user base was affected. But for a service with an estimated 194 million users, those numbers add up pretty fast. And those affected are understandably not too happy with the treatment.
"I logged in today and my account looks like a brand-new Gmail account! More than ten years of emails (17,400 of them) are all gone," one user wrote on Google's help forum.
"This happened to me this morning. Everything from six years ALL gone! Contact list is fine, but all communications have been deleted," another Gmail user wrote.
A Gmail employee said in the help forum that Google's technicians are working to resurrect users' full access. Google's status dashboard carried a similar message.
"We are fixing the issue. We have restored about 32.4 percent of users and are in the process of fixing the balance," a Google spokesman said late yesterday. "Everything should be back to normal in about 18 hours. It is our expectation that everything will be fully restored. We hope."
He added that Google has reduced its estimate of the percentage of Gmail users affected to 0.02 percent. But nevertheless, that still translates to around 39,000 Gmail users.
Those Gmail users are still stuck hoping that Google really can rescue all their data. Some observers are not so optimistic, however. "What if Google fails?" one wondered in the help forum. "If, ultimately, Google does not make this right in a timely fashion and I lose the main record of the last seven years of my life that will forever affect how I view trusting an anonymous server farm somewhere with my critical or even not-so-critical data."
Source: Microsoft Corp.
You can link to the Internet Security web site as much as you like.