• Technotalks - Leading Web Portal on Mobile Phone Reviews, Laptop Prices, Digital Camera, LCDs, MP3 Players and Camcorder

Microsoft to Implement Full-Session HTTPS in Hotmail

By on November 15, 2010

Citing the serious problems of internet phishing and account hijacking, Microsoft has said that it will soon let users encrypt their Hotmail communication with SSL on an opt-in basis.

This helps users prevent session hijacking attacks. By the end of September, Microsoft had tightened the security of Hotmail accounts by letting users add contact numbers and trusted PCs to them. However, there is no guarantee that these measures will completely rule out hijacking of a user's Hotmail account.

To mitigate the risk completely, Microsoft plans to implement full-session HTTPS (HTTP Secure). The change will be implemented by the fall of the season.

The full-session HTTPS feature will be made available at https://mail.live.com towards the end of the month. The visible difference is that the address begins with ‘https://’ instead of ‘http://’.

Here is a brief look at how this would work. Users enter their login details for their Hotmail account as usual. They are then redirected to a page informing them that they are accessing Hotmail over HTTPS and that they can enable it permanently by clicking on ‘always use HTTPS’. This option is highly recommended for users who want the highest possible security. A message suggesting the same will also pop up.

However, users will be exposed to attacks as soon as they start editing their contacts list, checking the calendar or visiting other non-HTTPS sites. Although enabling HTTPS helps prevent hijacking attacks, it also creates problems with Windows Live Mail, apps on Nokia phones, Windows Mobile and the Outlook Hotmail Connector.

HTTPS is the combination of HTTP (Hypertext Transfer Protocol) with the SSL/TLS protocol. It encrypts the communication that takes place between the client and the server.

In the absence of HTTPS support, users are exposed to hackers sniffing network traffic, which lets them steal users’ session cookies. The hackers then keep these identification files in their own browser and can access the victims’ accounts at any time.
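The sketch below is an added illustration, not code from the article or from Microsoft. It models why HTTPS at login alone does not protect a session: a cookie set without the standard `Secure` attribute (not mentioned in the article) is attached to later plain-HTTP requests, where it can be read off the network. The host name, cookie names and values are constructed sample data.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Flag attributes such as Secure carry no value; store True for them.
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), attrs

def cookies_sent_in_clear(set_cookie_headers, request_urls):
    """Map each plain-HTTP URL to the cookie names a browser would attach.

    Simplification (assumption): every URL is on the host that set the
    cookies, and Domain/Path matching is ignored; only Secure is modelled.
    """
    jar = dict(parse_set_cookie(h) for h in set_cookie_headers)
    exposed = {}
    for url in request_urls:
        if urlsplit(url).scheme.lower() != "http":
            continue  # HTTPS request: cookies are encrypted in transit
        leaked = sorted(n for n, a in jar.items() if not a.get("secure"))
        if leaked:
            exposed[url] = leaked
    return exposed

# Constructed sample data: cookies issued after an HTTPS login.
LOGIN_ONLY = ["SESSION=abc123; Path=/; HttpOnly", "lang=en; Path=/"]
FULL_SESSION = ["SESSION=abc123; Path=/; HttpOnly; Secure", "lang=en; Path=/"]
# Constructed browsing sequence: inbox over HTTPS, then two HTTP pages.
BROWSING = [
    "https://mail.example.test/inbox",
    "http://mail.example.test/contacts",
    "http://mail.example.test/calendar",
]

if __name__ == "__main__":
    for label, headers in (("login-only", LOGIN_ONLY),
                           ("full-session", FULL_SESSION)):
        print(label, cookies_sent_in_clear(headers, BROWSING))
```

With the `Secure` attribute set, only the non-sensitive `lang` cookie still travels over HTTP; the session cookie stays on encrypted requests.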

In addition, Microsoft is looking to implement full-session HTTPS on Bing. This will enable users to encrypt their search history even when they connect to unprotected and insecure sites.
