Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

March 26th, 2011, 07:57 GMT · By

Microsoft Disables Always-On HTTPS Option in Hotmail for Many Countries

SHARE:

Adjust text size:


Users in Arab countries can no longer use always-on HTTPS option in Hotmail
Enlarge picture
The Electronic Frontier Foundation (EFF) warns that Microsoft has, for some reason, disabled the ability of users in over a dozen countries to enable the always-on HTTPS setting in Hotmail.

The option was introduced in November last year and allows Hotmail users to have HTTPS enabled automatically for their entire session after authentication.

The EFF reports that users from Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan no longer have this ability.

When trying to enable the option, people who set one of those countries as their location in Hotmail, receive an error message reading: "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type."

Without HTTPS enabled, users are open to man-in-the-middle attacks that can hijack their sessions, especially when using open wireless networks.

There been cases of large-scale government-run surveillance attacks using this method. During the protests in Tunisia earlier this year, the country's Internet authority which controls all perimeter gateways, used its powers to engage in mass phishing of social media accounts.

"For Microsoft to take such an enormous step backwards— undermining the security of Hotmail users in countries where freedom of expression is under attack and secure communication is especially important—is deeply disturbing," the EFF writes.

"We hope that this counterproductive and potentially dangerous move is merely an error that Microsoft will swiftly correct," the digital rights watchdog adds.

Fortunately, there is a solution for users, as changing the location to a Western European country like France or Germany will allow them to enable the setting again. Accessing Hotmail with https:// directly also works. This can be done manually or by using the HTTPS Everywhere browser extension.

Update March 29, 2011: Microsoft has fixed the problem. Read more here.

TELL US WHAT YOU THINK:

1,460 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


U.S. Senator Urges Internet Giants to Implement Default HTTPS
Google Leads the Way to SSL-Protected Mainstream Services
Microsoft to Implement Full-Session HTTPS in Hotmail

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use