tipo Posted November 5, 2010 Share Posted November 5, 2010 Microsoft has begun allowing users to encrypt their entire Hotmail communications with SSL on an opt-in basis, in order to protect themselves from session hijacking attacks.At the end of September, Microsoft enhanced the security of Hotmail accounts by allowing users to associate trusted computers and mobile phone numbers with them.Aware that these changes don't completely mitigate the risk of account hijacking, Microsoft promised at the timeto implement full-session HTTPS by the end of this fall.Tthe feature is now finally here and can be activated by accessing mail.live.com with https:// in front instead of http://.After inputting their login details, users will get redirected to a page informing them that they are trying to access Hotmail over HTTPS and offering them the option to enable it permanently."For the most secure connection, we strongly recommend that you change your settings to always use HTTPS," a message reads.However, users are advised that if they check their calendar, edit contacts or go to other Windows Live sites, while authenticated, they will be exposed to attacks again.Furthermore, enabling the option to always use full-session HTTPS can cause problems with the Outlook Hotmail Connector, Windows Live Mail or the Windows Live application for Windows Mobile and Nokia.HTTPS (HTTP Secure) combines the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol, in order to encrypt communications between a Web server and clients.Lack of full-session HTTPS support exposes users to session hijacking attacks, which involve hackers sniffing network traffic and stealing session cookies from users.These identification files can then be placed inside the attacker's browser to give them access to the accounts of the victims.This kind of attack, that has been known for over a decade, and people connecting over open wireless networks are most exposed to it.Microsoft is also considering implementing full-session HTTPS for Bing, which would allow users to encrypt their Web searches when connecting from unprotected networks."The security and privacy of our customers is very important to us at Bing. We are looking at SSL and other technologies for future releases of Bing," a Microsoft spokesperson told us.link Link to comment Share on other sites More sharing options...
mara- Posted November 5, 2010 Share Posted November 5, 2010 I'm getting: Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account typeAnyone knows what's the issue here? Account type?Cheers ;) Link to comment Share on other sites More sharing options...
geko Posted November 5, 2010 Share Posted November 5, 2010 I'm getting: Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account typeAnyone knows what's the issue here? Account type?Cheers ;)Me too. <_< Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted November 5, 2010 Administrator Share Posted November 5, 2010 Same error. But don't worry guys, it takes some time to implement it in all the accounts. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.