Weekly Edition
Return to the Security page
| |||||||||||||
Microsoft kills Hotmail HTTPS access in several countries
The EFF is reporting
that Microsoft has disabled HTTPS access to its Hotmail service for users
in Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo,
Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and
Kyrgyzstan. "The good news is that the fix is very easy. Hotmail
users in the affected countries can turn the always-use-HTTPS feature back
on by changing the country in their profile to any of the countries in
which this feature has not been disabled."
[Update: Microsoft has acknowledged and fixed the problem, which was due to a bug and not done deliberately.] (Log in to post comments)
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 26, 2011 14:19 UTC (Sat) by endecotp (guest, #36428) [Link]
Apparently a temporary bug that is now fixed:
http://www.theregister.co.uk/2011/03/26/microsoft_https_h...
(and perhaps already fixed before you published the story???)
"Mystery bug" Posted Mar 26, 2011 15:28 UTC (Sat) by cesarb (subscriber, #6266) [Link]
Given what has recently happened to Comodo, I would not be surprised if this was an intentional bug. And I would not be surprised if the one who added this bug hacked into Microsoft to do so (that is, Microsoft also being the victim).
"Mystery bug" Posted Mar 26, 2011 17:15 UTC (Sat) by marduk (subscriber, #3831) [Link]
It does seem to be an interesting series of events.
"Mystery bug" Posted Mar 27, 2011 22:12 UTC (Sun) by PaulWay (✭ supporter ✭, #45600) [Link]
Note that there's no common language, common religion, common ethnicity, common currency or market, or common communications infrastructure, one cannot help but come to the conclusion that the thing in common was the dictatorial regimes running them. A "bug" says Microsoft? Yeah, right.
I'd be looking very carefully at the certificates that Microsoft allow for those countries after this. This is probably some fairly simple hack that got noticed far too quickly, and now something a bit more invisible has been put in place.
Have fun,
Paul
"Mystery bug" Posted Mar 28, 2011 9:30 UTC (Mon) by tzafrir (subscriber, #11501) [Link]
Those "dictatorships" (Lebanon sure isn't one. Not sure about Tajikistan. Many of the others don't have that oppressing a regime) are also far too diverse. What has the isolated military rulers of Myanmar (Burma) got to do with the Ayatollahs of Iran?
"Mystery bug" Posted Mar 28, 2011 13:27 UTC (Mon) by error27 (subscriber, #8346) [Link]
You might feel Lebanon is a wonderful place but in the US people see things differently. The US supported the war against Lebanon five years ago.
Maybe someone went through a list of countries where they thought that https should be turned on by default, but accidentally turned it off instead? Hopefully, Microsoft will come clean on this and give a better explanation.
"Mystery bug" Posted Mar 28, 2011 16:18 UTC (Mon) by cesarb (subscriber, #6266) [Link]
> Maybe someone went through a list of countries where they thought that https should be turned on by default, but accidentally turned it off instead?
That is also a very plausible theory.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 26, 2011 21:31 UTC (Sat) by jcm (subscriber, #18262) [Link]
They were probably threatened. The correct thing to do would have been to withdraw operations in those countries entirely. I'm all for telling moronic governments to go shove it.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 26, 2011 23:51 UTC (Sat) by ringlord (subscriber, #6309) [Link]
It certainly is an interesting bit of news, but what has this got to do with Linux (this is LWN, after all)? I would think Slashdot.org has covered this already
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 1:17 UTC (Sun) by Trelane (subscriber, #56877) [Link]
I would guess this: http://lwn.net/Articles/432797/
> As a result, anybody who has subscribed to an LWN mailing list from a Hotmail account has been unsubscribed. It must be said that we were surprised by just how many of those there were.
Why HTTPS access for hotmail is relevant here Posted Mar 27, 2011 8:07 UTC (Sun) by rvfh (subscriber, #31018) [Link]
I don't read /. and anything related to freedom in the computer world is relevant here.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 9:24 UTC (Sun) by danielpf (subscriber, #4723) [Link]
Microsoft is THE first Linux opponent. If you think about it, the behavior of Microsoft is probably what gives most of momentum and justification to FOSS. This should be enough for publishing this article here.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 12:18 UTC (Sun) by oblio (guest, #33465) [Link]
A negative goal is never a good way to live your life. It makes you bitter.
Secondly, this is not Microsoft's fault, they were probably forced to do this.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 14:39 UTC (Sun) by danielpf (subscriber, #4723) [Link]
"A negative goal is never a good way to live your life. It makes you bitter."
The FOSS movement can be compared to a liberation movement in an oppresive political regime. When people feel their freedom is too restricted some of the people have the need to do something against the oppressive regime. The goal here has nothing like a negative side, and doesn't make people bitter, on the contrary, they get thrilled by the higher value of their actions, and by the fact that they initiate a solution to their problem. As illustration consider the present events in the Arab world.
It's different from, say, the hate against a neighbor which would motivate a revenge. A revenge is rarely solving a problem, while a liberation does.
So your statement is probably too general.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 15:38 UTC (Sun) by spaetz (subscriber, #32870) [Link]
> The FOSS movement can be compared to a liberation movement in an oppresive political regime.[...]
> So your statement is probably too general.
And your's is likely to bee too simplistic :-). FOSS is too many things to too many people (and firms), to be allow to describes in one simple sentence.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 16:21 UTC (Sun) by danielpf (subscriber, #4723) [Link]
It's why I used "compared" and not said it is equal.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 18:45 UTC (Sun) by elanthis (guest, #6227) [Link]
The problem with that line of reasoning is that the concepts and ideals of Free Software (and Open Source) existed long before proprietary software ever existed.
The formalization of the ideas behind FOSS arose in response to the change in the software world towards proprietary, closed products, yes. But FOSS was not a rebellion against those ideas so much as it was a continuation of the older ideas.
(And then there's people like me, who really don't care for Free Software much at all and vastly prefer permissive/liberal licenses, and who are more and more proponents of the Big Evil simply because they polish and improve products while many -- possibly most -- major Open Source projects seem hell bent on getting their crap 80% done, getting bored with bug fixing and polish, and then rewriting everything from scratch for fun while the users are sitting there with their thumbs up their butts wondering when they'll actually have a stable, bug-free, usable piece of software.)
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 28, 2011 12:22 UTC (Mon) by nix (subscriber, #2304) [Link]
I've met a lot of free software developers. I have never met one whose reason for doing what he (alas, rarely she) did was 'I want to get back at Microsoft'.
No, it was always for the fun of it, to make better software, because sharing code is easier than locking it away, because you didn't lose everything when you changed jobs: hell, even for the paycheque alone (though that is thankfully rare). But essentially nobody I have ever met engages in a creative act like software development to oppose Microsoft. Lots of Slashdotters think that's why they do it, but as far as I can tell this is a symptom of distance from the code and testosterone poisoning, nothing more.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 28, 2011 17:52 UTC (Mon) by danielpf (subscriber, #4723) [Link]
One cannot reduce the FOSS movement to developpers only, even if obviously they play a key role. The whole movement results also from non-programmers and companies actually using and distributing the programs, and by that producing feedbacks (tests, manuals) and various stimulations (apraisal, money) to developpers. For these non-developpers the motivations to use FOSS can be very different from the ones of developpers.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 28, 2011 18:07 UTC (Mon) by rahulsundaram (subscriber, #21946) [Link]
In my experience both as a user and as a contributor in various forms for well over a decade, I have rarely if ever met a single person with a anti-MS position as the primary reason to use FOSS. They might exist but certainly a fringe element. I have seen freedom, flexibility and several other reasons commonly cited and that has nothing to do with any single organization. Reducing it to such low levels is a sham and a poor one at that without any evidence to back up such claims.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 27, 2011 15:52 UTC (Sun) by cesarb (subscriber, #6266) [Link]
LWN has reported on HTTPS-related things before (for instance https://lwn.net/Articles/392692/ and https://lwn.net/Articles/394289/). LWN has also recently enabled a HTTPS-only mode (https://lwn.net/Articles/428594/), much like the one which was disabled by this "mystery bug".
Microsoft kills Hotmail HTTPS access in several countries (Update) Posted Mar 27, 2011 16:05 UTC (Sun) by jake (editor, #205) [Link] The EFF has updated its posting with information from Microsoft that states the problem was due to a bug, not a deliberate disabling for any particular region. It has now been resolved. jake
Microsoft kills Hotmail HTTPS access in several countries (Update) Posted Mar 28, 2011 8:52 UTC (Mon) by pbonzini (subscriber, #60935) [Link]
Yes, and hacks to Gmail weren't sponsored by the Chinese government to spy on activists.
I wonder why no Western European country is on the list...
Microsoft kills Hotmail HTTPS access in several countries (Update) Posted Mar 31, 2011 6:53 UTC (Thu) by jtc (subscriber, #6246) [Link]
..." information from Microsoft that states the problem was due to a bug, not a deliberate disabling for any particular region."
Yes, and if you believe that I've got a lovely bridge in Antarctica I'm sure you'll be interested in.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 28, 2011 3:42 UTC (Mon) by allesfresser (subscriber, #216) [Link]
I still find it curious that the specific bug in question affected those specific countries.
Microsoft kills Hotmail HTTPS access in several countries Posted Mar 28, 2011 5:40 UTC (Mon) by AndreE (subscriber, #60148) [Link]
Yes it smells pretty fishy to me.
Microsoft kills Hotmail HTTPS access in several countries Posted Apr 5, 2011 21:50 UTC (Tue) by roelofs (guest, #2599) [Link] Yes it smells pretty fishy to me.Granted, but there's at least one obvious way something similar might happen: if those happen to be the newest markets added (either because no such service existed there before or merely because they had previously been lumped into one or more regional or functional categories), one could imagine an enumerated list with the new entries at the end. It doesn't take a malicious act to have a leftover, overlooked, hardcoded conditional that compares the previous highwater mark rather than the new one. No clue whether it's anything like that here, but it's frequently the case that country codes, language codes, character encodings, and the like are labelled with enums in i18n code and databases. Greg
|
|||||||||||||