LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

"Mystery bug"

"Mystery bug"

Posted Mar 26, 2011 15:28 UTC (Sat) by cesarb (subscriber, #6266)
In reply to: Microsoft kills Hotmail HTTPS access in several countries by endecotp
Parent article: Microsoft kills Hotmail HTTPS access in several countries

Given what has recently happened to Comodo, I would not be surprised if this was an intentional bug. And I would not be surprised if the one who added this bug hacked into Microsoft to do so (that is, Microsoft also being the victim).

(Log in to post comments)

"Mystery bug"

Posted Mar 26, 2011 17:15 UTC (Sat) by marduk (subscriber, #3831) [Link]

It does seem to be an interesting series of events.

"Mystery bug"

Posted Mar 27, 2011 22:12 UTC (Sun) by PaulWay (✭ supporter ✭, #45600) [Link]

Note that there's no common language, common religion, common ethnicity, common currency or market, or common communications infrastructure, one cannot help but come to the conclusion that the thing in common was the dictatorial regimes running them. A "bug" says Microsoft? Yeah, right.

I'd be looking very carefully at the certificates that Microsoft allow for those countries after this. This is probably some fairly simple hack that got noticed far too quickly, and now something a bit more invisible has been put in place.

Have fun,

Paul

"Mystery bug"

Posted Mar 28, 2011 9:30 UTC (Mon) by tzafrir (subscriber, #11501) [Link]

Those "dictatorships" (Lebanon sure isn't one. Not sure about Tajikistan. Many of the others don't have that oppressing a regime) are also far too diverse. What has the isolated military rulers of Myanmar (Burma) got to do with the Ayatollahs of Iran?

"Mystery bug"

Posted Mar 28, 2011 13:27 UTC (Mon) by error27 (subscriber, #8346) [Link]

You might feel Lebanon is a wonderful place but in the US people see things differently. The US supported the war against Lebanon five years ago.

Maybe someone went through a list of countries where they thought that https should be turned on by default, but accidentally turned it off instead? Hopefully, Microsoft will come clean on this and give a better explanation.

"Mystery bug"

Posted Mar 28, 2011 16:18 UTC (Mon) by cesarb (subscriber, #6266) [Link]

> Maybe someone went through a list of countries where they thought that https should be turned on by default, but accidentally turned it off instead?

That is also a very plausible theory.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds