SSL for Hotmail blocks Windows Live connections
Microsoft has started to offer fully encrypted SSL connections to those who use the web front end of the Hotmail email service. Previously, only the service's log-in procedure was SSL encrypted, but attackers were able to read other users' emails, for instance, on unsecured Wi-Fi networks, or even gain unauthorised account access by copying a user's cookies. The Firesheep plug-in for Firefox makes easy work of this task.
At least in Hotmail, such attacks have now become more difficult. However, the switch is not a direct response to the release of Firesheep, as it was already announced back in September.
To automatically enable SSL for Hotmail, simply access https://account.live.com/ManageSSL and enable the option "Use HTTPS Automatically". Unfortunately, Microsoft say that this prevents users from accessing their accounts via such email clients as Outlook Hotmail Connector or Windows Live Mail – including the Live apps for Windows Mobile up to version 6.5 and Symbian. Users who require this functionality should simply establish temporary SSL connections to Hotmail via https://hotmail.com.
- Microsoft responds to Firesheep cookie-jacking tool, a report from The H.