At least they are doing something and I hope more vendors follow and give users an option to force full-session HTTPS connections for all web properties.<\/p>\n
For the first time in its 13-year history, Microsoft’s Hotmail comes with the ability to protect email sessions with secure sockets layer encryption from start to finish.<\/p>\n
It’s the same always-on encryption Google Mail has offered for more than two years. And it comes with some pretty extreme limitations \u2013 namely the inability to protect email that’s downloaded using Microsoft apps including Outlook Hotmail Connector (required to use Outlook with Hotmail) and Windows Live Mail. But to hear Microsoft describe the new feature, you’d think it was a cure for the common cold.<\/p>\n
\u201cAs you saw, with the recent additions of several security features to Hotmail, including Single-Use codes and new account recovery options, building towards the most secure webmail experience is very importance to us,\u201d a spokeswoman, who asked that her name not be published, wrote in an email. \u201cWe will continue to incorporate leading-edge security features to better protect our customers. With today’s addition of full-session SSL encryption to Hotmail, we are delivering even more secure Hotmail sessions.\u201d<\/p><\/blockquote>\n
The funny thing is, now they have pushed this out…but only for the web. If you are using software to access your Hotmail account (Outlook or Windows Live Mail) it doesn’t work..I wonder if anyone has tried it with Thunderbird yet? Or any other 3rd party apps.<\/p>\n
Gmail<\/a> works flawlessly with TLS\/SSL for all apps I’ve tried, I’m not a Hotmail user so I can’t confirm or deny the above. It does give some modicum of security if the users in question only access their Hotmail via the web interface – but if they are using software..they are still vulnerable.<\/p>\n