The Security Detail

Mar 26 2011   1:15AM GMT

Microsoft Leaves Freedom Fighters Vulnerable by Turning Off HTTPS

Tony Bradley Tony Bradley Profile: Tony Bradley

The Electronic Frontier Foundation (EFF) reports that Microsoft has disabled the option to have all Hotmail communications encrypted with HTTPS in a variety of countries, including Iran, Myanmar, Bahrain, Sudan, and other nations where intercepted emails could place political dissidents in grave danger.

Just this week, an attack suspected to be a state-sponsored attack emanating from Iran compromised Comodo SSL certificates for a number of domains such as Google, Yahoo, Skype, and Microsoft’s Windows Live. Why would Iran want SSL certificates for these domains? The speculation is that rogue SSL certificates would allow the nation to spoof the sites and intercept sensitive communications of political dissidents and freedom fighters.

Turn on the news. Political upheaval is rocking entire regions–primarily across Africa and the Middle East. Look at Lybia. These nations are not shy about using any means necessary to put an expedient end to political protests or rebellion. Those with the courage to speak out, or to take charge and organize opposition against the reigning regime are arrested or killed.

Microsoft needs to explain why it has chosen to take away the encryption that is so crucial to protecting communications. Not only why–but why in these nations in particular.

Those affected do have some options, though. The EFF points out that users can change the country associated in their profile to another nation where the HTTPS option is still on–like the United States. Another alternative is to simply stop using Hotmail, and instead switch to a webmail service that does have HTTPS encryption like Google Gmail.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: