Hotmail always-on crypto breaks Microsoft's own apps For the first time in its 13-year history, Microsoft's Hotmail comes with the ability to protect email sessions with secure sockets layer encryption from start to finish. It's the same always-on encryption Google Mail has offered for more than two years. And it comes with some pretty extreme limitations – namely the inability …
....does not work with the, er, iGoogle mail plugin.
If you set it to "always on" (and the default here is "on when possible") all you get in iGoogle is a message saying that you need to turn it off so that your mail can be displayed. Actually, I have found it has something of a habit of occasionally coming up with that even when fallback is allowed. A close and reopen of the browser session fixes that one.
Just maybe the reason that Gmail's HTTPS function *seems* to work transparently with everything is that the default setting is to fall back to HTTP when the requestor cannot handle HTTPS?
MS, or is that MSN, or is that MS Messenger, or Hotmail, or Windows Live or ummmm there are so many permeatations - or versions of either and or all or bits of sum from 1999 until 2010.......
i actually admit to having a hotmail account - but when i faced all the bullshit with that AND I caught onto Microsoft doing regionalised affiliation with assorted media networks.... to shove insipid advertising in our faces - well before they caught onto the fact that having a 2 Meg attachment limit - was not an upgrade from 1 Meg, compared to Yahoo's and Gmail's 20 Meg attachment size...
Soooooooooooooooooo as long as this post has very little point to it, but then again so does Microsofts Hotmail.
Have they heard of them in Redmond?
If Hotmail and their desktop clients simply used good ol' IMAP and SMTP spiced with a little SSL/TLS, it would Just Work.
Of course that's the problem with Gmail: It's just so damn good and convenient.
Every time I start to worry about the privacy issues with having Google know as much as they do about my virtual comings and goings, they seem to add just one more neat little feature to Gmail...
Oh, I can quit anytime I want to. Really.
(Where's the crack addict icon.)
The fact that Hotmail is in this state just goes to show that MS don't and never have given a fig about security. SSL has been mainstream for donkeys now, and MS STILL haven't managed to get to grips with it.
But I agree with Baudwalk's post - if MS just stuck to the standards that are known to work and are reliable and (heaven forbid!) inter-operate with everything else (ie - SMTP and IMAP), rather than on insisting on trying to lock people into some proprietary crap (that even today, a staggering number of people are still unbelievably gullible about using), then it would "just work" like every other email system does.
As a paying customer I get "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type.".
Then genius of this error message is just too much. Not guide on why I've got a unsupported account type or what can be done to help me. Just a big fat sod off.
Add that to a password which can't accept non-numeric characters and you have security and user experience designed by idiots I might finally have to get off my ass and get a decent email account. Ho hum...
My wife has a hotmail account that was hijacked (probably from Firesheep) and used to send spam to all her contacts. I changed the password (which did prevent further logins) but when I went to turn on https, I too got the lovely "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type". Of course, they don't give *any* helpful information - no info on why it doesn't work, no info on how to correct it, etc. A search of help/support also turns up nothing vaguely useful.
My wife is now seriously looking at switching email to gmail even though she's had her hotmail account for 12+ years.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
