Snowden Leak Reveals How Microsoft Helped the NSA Bypass Encryption

Privacy, spying, hacking, monitoring, tracking, just some of the words that people around the world have become frighteningly familiar with over the last few years. Edward Snowden uncovered many details of how our governments treat our data and he’s showing no sign of slowing down. His latest revelation reveals how Microsoft worked closely with the US Government, namely the NSA, to bypass encryption mechanisms that are intended to protect the privacy and data of the millions of users of Microsoft software such as Windows.

According to his article in The Guardian, NSA memos show that Microsoft helped the find a way to decrypt messages sent over various platforms, including Outlook, Hotmail and Skype, effectively handing them a backdoor into the data we entrusted them with.

While it’s no secret (anymore) that big tech companies were under pressure from various agencies to provide them with data on users, both with and without a warrant or similar legal document to back up their demands. However, the new leaks suggest Microsoft actively went out of their way to assist federal investigators, such as helping to circumvent encrypted chat messages via Outlook.com, prior to the product being launched to the public!

How Microsoft will react from this, especially given the privacy concerns of many in regards to Windows 10, remains to be seen.

Thank you RT for providing us with this information.

Microsoft Outlook Web App Vulnerable to Password Hacking via “Backdoor”

Typical Microsoft, the tech giant has more backdoors than Disneyland and World put together; the latest vulnerability that has been unearthed by researchers is a pretty serious breach and allows an attacker the option to steal e-mail authentication credentials from major organizations.

So what is it this time? The Microsoft Outlook Web Application or OWA in question is an Internet-facing webmail server that is being deployed within private companies and organisations, this then offers the ability to provide internal emailing capabilities. Research and subsequent analyses undertaken by security firm “Cybereason” has discovered a backdoor of sorts in the form of a suspicious DLL file. This file was found to be loaded into the companies OWA server with the aim of siphoning decrypted HTTPS requests.

The clever part of this attack is the innocuous nature of deployment in the form of the file name that was the same as another legitimate file; the only difference was the attack file was unsigned and loaded from another directory. According to Cybereason, the attacker (whoever it might be, mentioning no names) replaced the OWAAUTH.dll file that is used by OWA as part of the authentication mechanism with one that contained a dangerous backdoor.

Thus, this allowed attackers to harvest log in information in plain decrypted text, even more worrying is the discovery of more than “11,000 username and password combinations in a log.txt file in the server’s “C:\” partition. The Log.txt file is believed to have been used by attackers to store all logged data”.

The attackers ensured the backdoor could not be removed by creating an IIS (Microsoft Web Filter) that loaded the malicious OWAAUTH.dll file every time the server was restarted.

Indeed, yep, same old same old then, breaches of passwords is worryingly common in the digital age, there needs to be a radical re think of security infrastructure. I do feel companies are using tech as a cheaper alternative without investing in system protection or even real-time analyses, servers and communication lines are being ignored to the point whereby attackers have free reign over such systems. I wonder as I write this as to what else is being siphoned to individuals and attackers, if I see next the formula for Coke in China own brand cola, then it will make sense.

Thank you cybereason for providing us with this information.

Image courtesy of thehackernews

Outlook for Android Now Ready for the Real World

After releasing 17 updates since its original launch, the Microsoft application has now had the preview title removed from the Play store. The team at Microsoft have had high expectations for Outlook, and whilst enhancing the apps performance and removing bugs they named the app as a Preview.

The application brings some new and welcomed features that make it a lot different from the standard mail client on your Android. The app features IMAP support, a revised people section, directory searching, swipe gestures and much more; the majority of the new features and changes have been requested by the end users.

“We’ve continued to polish the look and feel of the app. We updated our icon sets and simplified our fonts to provide a more consistent Outlook experience across operating systems and devices. But it was also important for Outlook to feel like a natural part of Android. We use common Android design principles like the Navigation Drawer to house the multiple tools offered in the app and have common actions like settings available in the App Overflow menu,” Microsoft explains.

The Application is available to Android users running version 4.0 and higher. The latest version of the app is 1.1.9 and is available to download here

Thank you Winbeta for providing us with this information

Image courtesy of winsupersite

The Top 10 Features of Microsoft’s Office 2016 Mac Preview

Microsoft is finally releasing a new redesigned version of its Office suite for Mac this year. The new suite is the first refresh of Microsoft Office for Mac since 2011, a 5 year gap during which Microsoft did not release any new version for Apple’s operating system.

The new Word, Excel, Powerpoint and Outlook apps aim to bring the Office suit in par with the Windows version in terms of design and functionality. Being a preview version means that the apps are not perfect. However, Microsoft states that it will only use the user feedback to make a few minor tweaks and improvements, which leads to believe that the final product will be more or less how it looks and feels now.

The top 10 features of Microsoft Office 2016 for Mac, as highlighted by Mashable, includes a Full Screen View Support, clearly emphasising that Office 2016 for Mac is truly built for Yosemite and can switch from windowed to full screen, compared to its predecessor which could not.
https://zippy.gfycat.com/EnchantingImpoliteGenet.webm

Microsoft has also made some design changes and redesigned the Ribbons, making a consistency between both Windows and Mac version. These are now the same on both operating systems.
https://zippy.gfycat.com/CalmCarelessCoyote.webm

The suite now lets you share your documents with easy through the Sharing button in the upper right corner. Documents shared via link can even be opened directly from the email.
https://zippy.gfycat.com/FoolhardyExaltedAngora.webm

Sharing a document with a collaborator now allows you to have Threaded Conversations within comments in Word and Powerpoint. Though it is not as good as in Google Drive, it does show that Microsoft is moving forward into the right direction.
https://zippy.gfycat.com/ThoroughUntriedGonolek.webm

Microsoft has also included a new Formula Builder in its latest version, making it easier to use Excel’s formula functions in your work.
https://zippy.gfycat.com/FirsthandBigAdder.webm

Powerpoint has also received an improvement in terms of transitioning, having Microsoft adding a variety of Transitions and a separate panel for managing animations within the presentation.
https://zippy.gfycat.com/AffectionateDelightfulCoati.webm

One key feature most people using a Mac and frequently require Powerpoint will find extremely useful is the Presenter View, which lets users see the entire slide deck, note, and a timer, while an external display beams the current slide to the audience.
https://zippy.gfycat.com/IndelibleTintedGartersnake.webm

Microsoft has also added a nifty feature, namely Removable Palettes, for those who desire to customize the Office apps view to better suit their needs
https://zippy.gfycat.com/MedicalTangibleEstuarinecrocodile.webm

The OneNote app has not been forgotten as well, having it come with a Tags function which makes it easy to quickly categorize notes by topic.
https://zippy.gfycat.com/TeemingAcidicCurlew.webm

Lastly, Outlook has suffered some minor improvements as well, having added the Conversations feature which allows users to sort their inbox by conversations, in addition to date, attachments, priority level and other categories.
https://zippy.gfycat.com/ScratchyClearcutGhostshrimp.webm

Microsoft’s Office 2016 Preview for Mac can be downloaded from here.

Thank you Mashable for providing us with this information

Outlook.com Removing Support for Google and Facebook Chat

Outlook.com, Microsoft’s popular webmail service, has announced that it is to remove support for Facebook Chat and Google Talk. Currently, users of Outlook.com can access the two chat service within their account. Microsoft says that the feature will be removed “within the next couple of weeks.”

In an email to Outlook.com users, Microsoft made it clear why they’re removing Google Talk support, saying that it is “due to Google’s decision to discontinue the chat protocol used by the Google Talk platform.” However, they were less clear about Facebook, leaving no reason behind the change. The two features were highly requested and both subsequently very popular amongst users of Outlook.com and now Microsoft is suggesting that such users try out their own Skype functionality instead.

Outlook.com is the current evolution of Microsoft’s famous Hotmail; the highly popular webmail service that accompanied MSN throughout the early 90s and until the recent variant. Outlook was essentially the name to represent a substantial update to the service, adding more features, including the social functionality that the company is now removing.

Source: The Verge

Killing Hotmail And Moving To Outlook Has Been Successful For Microsoft So Far

Microsoft’s transition from their Hotmail email service to the new Outlook email service has been a successful one if statistics published by Microsoft are to be believed. Softpedia reports that 68% of Outlook users now access their email on a mobile device compared to Hotmail where it wasn’t even fully supported on mobile devices and could only be accessed via a mobile browser. With the Outlook email service being optimised for mobile devices, Outlook has seen a tripling of mobile usage within the last year and more people now access Outlook on a mobile device than on any other platform. Despite the teething problems of the initial move from Hotmail to Outlook it seems that it was an overall quite successful move for Microsoft.

Despite the large mobile user-base the app on the Google PlayStore receives a relatively poor reception with users complaining of widespread bugs with the service, 100K+ reviews sees an average rating of 2.6 out of 5. It appears despite the successes Microsoft still has much work to do.

Image courtesy of Microsoft

Microsoft Wants To Increase 16 Character Password Limit

Microsoft’s Outlook.com team took to Reddit to engage in an Ask Me Anything (AMA) session recently. One of the hotly debated topics was the reasoning behind the 16 character password limit Microsoft implement. Microsoft’s Outlook.com team still believes that malware and phishing techniques are the most common for compromising accounts. It also believes that the uniqueness, choice and arrangement of characters is generally more important than the password length.

“Please note our research has shown uniqueness is more important than length and (like all major account systems) we see criminals attempt to victimize our customers in various ways; however, while we agree that in general longer is better, we’ve found the vast majority of attacks are through phishing, malware infected machines and the reuse of passwords on third-party sites – none of which are helped by very long passwords.”

Microsoft says that it will increase the character limit in the future and that this is something the Outlook.com team is currently working on but it did say that it will take quite some time due to the difficulty in centralising the password logic across different products.

“Sixteen characters has been the limit for years now. We will always prioritize the protection needs of users’ accounts and we will continue to monitor the new ways hijackers and spammers attempt to compromise accounts, and we design innovative features based on this. At this time, we encourage customers to frequently reset their Microsoft account passwords and use unique passwords that are different from other services…We are working on increasing the password length. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it’s a bigger change than it should be and takes longer to get to market.”

Image courtesy of Microsoft

Microsoft Apologises For Outlook.com Outage

After days of intermittent problems with the Outlook.com service Microsoft has made a public apology for the mayhem to their free online email client. The message on its service status page described the most recent problems as caused by a glitch in the caching service which is why the status page told people the servers were available but some users couldn’t access the service.

“This incident was a result of a failure in a caching service that interfaces with devices using Exchange ActiveSync, including most smart phones. The failure caused these devices to receive an error and continuously try to connect to our service. 

This resulted in a flood of traffic that our services did not handle properly, with the effect that some customers were unable to access their Outlook.com email and unable to share their SkyDrive files via email.

In order to stabilize the overall email service, we temporarily blocked access via Exchange ActiveSync. This allowed us to restore access to Outlook.com via the web and restore the sharing features of SkyDrive. These parts of the service were fully stabilized within a few hours of the initial incident. 

A significant backlog of Exchange ActiveSync requests accumulated as we worked to stabilize access. To avoid another flood of traffic, we needed to restore access to Exchange ActiveSync slowly, which meant that some customers remained impacted for a longer period of time.

We want to apologize to everyone who was affected by the outage, and we appreciate the patience you have shown us as we worked through the issues.”

So if the past few day of trying to use Outlook.com have driven you nuts then at least you know Microsoft has apologised for the disruption to its service. Hardly very useful though if you needed your Outlook.com to work at specific points in the past few days. I know a lot of people have already migrated to other services in protest, particularly that of Microsoft’s greatest rival – Gmail.

Image courtesy of Microsoft

Outlook.com Still Experiencing Intermittent Problems After Outage

Microsoft’s Outlook.com email service recently suffered from a two day outage leaving many users and customers quite bitter that they couldn’t access their emails during the week. Microsoft has now claimed to have fixed the outage with their free email client but users are still complaining about login issues according to Softpedia.

Microsoft’s status page indicates that Outlook.com should now work fine but many users are currently experiencing login problems.

“Outlook.com experienced an incident that caused some customers not to be able to access their account or share their SkyDrive files. We have restored web access for all customers, but some people might still see issues with their mobile devices. We are working to restore full mobile access as quickly as possible. For the latest information, we encourage users to visit the status page” a Microsoft spokesperson said.

Users can find the status page of Microsoft’s Outlook.com service right here.

Image courtesy of Microsoft

Microsoft Attacks Gmail Again With A New Video As Part Of “Scroogled” Campaign

Microsoft has rekindled its Scroogled campaign this time producing a new video to attack Google’s Gmail email service. The new video, seen below, shows how Google manages to successfully implement adverts into your inbox by disguising them as emails.

Microsoft says that Google scans through your inbox for keywords and content before delivering targeted advertisements based on those which are disguised as unread emails at the top of your Gmail inbox. Naturally Microsoft is using this as a reason as to why you should switch to their Outlook.com service instead because they do not deliver such “intrusive” advertising.

Google violates your privacy by reading every single word of every single email sent to and from Gmail accounts so they can better target you with ads. Now, they’re going one step further over the line by using that same personal information to spam your inbox with ads that look like real emails” said Microsoft on its Scroogled campaign website.

[youtube]http://www.youtube.com/watch?v=85G5QtlGDy4[/youtube]

Image courtesy of The Verge

Microsoft Collaborated Heavily With NSA And PRISM Says Report

A new report by the Guardian states that Microsoft worked heavily with the NSA in the PRISM program. These new documents show a few interesting things that might make you worry about the safety of your Microsoft data IF the allegations prove to be true. Apparently Microsoft helped the NSA circumvent encryption to allow it to intercept web chats from the Outlook.com portal. The NSA already had pre-encryption access to email on Outlook.com and Hotmail but struggled due to encryption. Microsoft allegedly worked with the FBI to to allow the NSA easier access to Microsoft’s SkyDrive service and all user files.

The report also explains how Microsoft worked with FBI’s data intercept unit to understand issues with Outlook.com’s new feature that allows users to create email aliases. Microsoft recently acquired Skype in July last year and apparently this has allowed them to triple the amount of Skype video calls collected via PRISM. Apparently data collected by the NSA is routinely shared with the FBI and CIA in a “team sport” kind of way.

Microsoft has already denied such allegations though it did state it does everything it has to when the U.S government makes requests:

“When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands” said Microsoft in a statement to the Guardian.

Image courtesy of the Guardian

Outlook Transition Complete, Hotmail Officially Dead

Microsoft’s Hotmail to Outlook transition was announced mid last year. The plan was to roll out Outlook as a refresh of the Hotmail web browser email client. Already having a program based email client called Microsoft Outlook, having Outlook.com made sense for Microsoft as a means providing an update but with a recognised email brand name. Microsoft’s refresh was born out of a need to revive the reputation of the dying Hotmail client that had suffered from long running spam and account security problems.

Microsoft says that this transition has now been fully completed to all its users meaning Hotmail is now officially a distant memory of the past. 300 million active user accounts have been moved from the Hotmail to the Outlook service and as you can imagine Microsoft found it quite challenging given the 150 million gigabytes of user data they had to preserve. Users can still retain their @hotmail email addresses but these will now operate within the Outlook.com email web client service. Microsoft’s full Outlook.com transition also adds SMTP support and increased SkyDrive integration.

“Our belief is that as people start using the new experience, they will come to love it even more than they loved Hotmail. We are keenly listening to what our customers have to say, and we’ll make the right set of adjustments to ensure that we make the experience as great as it can be” said Microsoft.

What are your thoughts on the end for Hotmail? Are you sad to see it go? Is Outlook.com a better service? What web email client do you use?

Source

Skype Video Calls Arrive In Browser Via Outlook.com

Skype has finally found its way directly into your browser, no longer requiring the stand alone software to run the worlds most popular voice and video streaming service, but its unfortunately not a smooth as that, as everything has a catch.

Microsoft has been quick to take full advantage of this feature for their Outlook.com email service and you’ll need a browser plug-in, not exactly a stretch I know but obviously you will need to be a user of the Outlook service to see any benefit of this feature.

Skype has not long announced a preview of their support for audio, video and instant messaging from directly within Firefox, IE ad Chrome, but integrating these directly into Outlook.com will mean you can quite literally call someone back from your email contacts list and get straight to the point, a very handy tool for business.

The new services are rolling out this week here in the UK, and US and Germany will be following over the next few weeks, the rest of the world will have to wait a little longer though and global rollout could take up to 5 months.

It will be interesting to see if Microsoft keep the plugin tied to Outlook or if it can be accessed from a wider part of the browser over time, but its certainly a step in the right direction to building a more unified browser and communications system, its always nice to have more options.

Microsoft Blames Hotmail and Outlook Outage on Overheating Servers

Tuesday’s outage of Hotmail, SkyDrive and Outlook services cheesed a lot of people off. Microsoft has apologised for the outage already and after a “mini-investigation” Microsoft has discovered that the cause of the outage was overheating at one of its Data-Centres which hosts the key Microsoft services.

Microsoft stated that on March the 12th at 3:35PM PDT its service was disrupted by a spike in temperatures in the DataCentre, the jump in heat occurred during regular firmware updates but they failed to work properly this time in an unexpected way. Automated safeguards kicked in which restricted the outage to that part of the infrastructure affecting Hotmail, Outlook and SkyDrive.

Microsoft said the problem required human intervention to fix, hence why the outage lasted over 12 hours. This incident adds to the poor reputation of Microsoft’s Hotmail service which has been plagued by widespread spam problems, spam filter problems and account hacking. We suspect this event could have triggered a further mass-migration to alternative mail services like Gmail representing the final nail in the coffin for many aggravated users.

Microsoft brought out Outlook as a fresh new version of Hotmail that allowed it to drop the tarnished name but since both services were affected by the same problem, damage has already been done to this new service which Microsoft officially launched only a few weeks ago.

Microsoft has officially apologised for the incident and said it takes outages very seriously but is that enough? Have you decided to move after the outage? Have you moved from Hotmail to Gmail in the past? Do you think Outlook provides a competitive service? Let us know what you think!

Source