Hotmail

The H-Online: The whitec0de.com blog reports that, for $20, a member of a hacker forum offered to crack any Hotmail account within a minute – and that he kept his word. Apparently, the hacker found out about a critical vulnerability in Microsoft’s email service on a security forum, and the hole allowed him to change the passwords of arbitrary Hotmail users. The blog says that various users were affected as a result, for example because they used their Hotmail accounts to access services such as PayPal. Allegedly, the vulnerability was also exploited to change the ownership of particularly attractive, short account names such as [email protected] and [email protected]. ...

SophosLabs: Have you been told to verify your Hotmail account? Did you receive a message saying that Hotmail’s email servers were congested, and so they were removing all unused accounts? If so, I hope you responded to the email with a roll of the eyes and a quick stab of the delete button. Because if you didn’t, you might have been at risk of having your login credentials stolen. ...

Oh look, Microsoft is late to the party again? They are finally launching full-session SSL encryption to Hotmail a mere 2 years after Google did the same thing for Gmail. It looks like the release of FireSheep really has had an impact on web-application vendors due to the amount of mainstream media coverage it got and the sheer number of downloads. At least they are doing something and I hope more vendors follow and give users an option to force full-session HTTPS connections for all web properties. ...

Will believe that? I hope you don’t

Microsoft’s Hotmail rolled out its new service that allows streaming mail from other vendors like Gmail and Yahoo, in an attempt to make Hotmail the primary destination for email management rather than just a repository of spams. The new service is a feature that is borrowed from Microsoft Outlook that allows adding accounts from other email services. Dick Craddock, Group Program Manager at Windows Live Hotmail, said in a blog post: “We understand. You already have at least one email address and you probably don’t need another. You may also use your existing address for things other than just email, such as signing in to online shopping sites, which makes changing even more challenging. Also, you might have an address that you really like, but a similar name might not be available on another email service. “ ...

I’m constantly reminded how slow email actually is. On the homescreen of one of my smartphones, I’ve got the official Twitter widget and the official Facebook widget which are pretty much constantly refreshing. Likewise, my email inbox is set to refresh just as frequently. Every day, when someone sends me a message in Facebook or replies to a Tweet, the widgets tell me first, and then five minutes later I get the email alerting me again. Because of this, I have an email account just for social network updates that is overflowing with unread messages. ...

Microsoft has made the right decision to temporarily turn off Hotmail’s vacation (e.g., out-of-office) reply feature. Flip the switch off permanently, I say. “In our fight against spam, we sometimes have to make hard choices, and we had to make one this week. We discovered that spammers were using Hotmail’s automatic vacation reply feature to send spam from their Hotmail accounts,” Krish Vitaldevara, Windows Live Hotmail lead program manager, blogged late yesterday. I missed the post because of Apple’s iPhone OS 4 launch. I spotted the announcement first at LiveSide about an hour ago. ...