12.17.10
Microsoft Outlook is a Wiretapping Device, Just Like Hotmail and Hotmail 2.0 (Facebook)
Summary: Microsoft Outlook, an Office component, does what it says on the tin by providing an outlook on users
Wiretapping on Windows users is trivial due to irresponsible disclosure of source code and owing to FBI malware/backdoor-ware like CIPAV*. But what about Microsoft Office? Based on this new report from Ars Technica, “[u]sing Outlook’s mail rules can make you a wiretapper”:
Reading your boss’ e-mail account isn’t just a bad idea—it could also get you hauled in federal court on wiretapping charges. David Szymuszkiewicz, an Internal Revenue Service worker in Wisconsin, found this out the hard way after using an Outlook mail rule to copy his supervisor’s messages over to his own account for a full three years.
[...]
Easterbrook and two fellow judges agreed on appeal; this was wiretapping. There was no direct evidence that Szymuszkiewicz had set up the rule. No one had seen him do it, but he had the means, motive, and access to Infusino’s computer. In addition, Szymuszkiewicz’s own Outlook account showed that he had received the Infusino e-mails and then copied them into a personal folder, “which is not what would have happened had all of Szymuszkiewicz’s access been legitimate.”
Hotmail too is sensitive to eavesdropping even by the US government, reveals Cablegate (yes, snooping is part of the plan). Phil Shapiro has just published this complaint about Hotmail letting down Haiti relief volunteers. From the closing parts:
Here’s a solution to the problem. Microsoft, and all other free e-mail service providers, should provide some fee-based service for people to recover their password if their account has been compromised. The community member I’m helping, Jean Louis Jean Presnel, would gladly pay $25 to speak to someone on the phone about having his Hotmail password reset. Considering that it would take no more than 10 minutes for such a phone call to take place, Microsoft ought to provide this service. If they don’t voluntarily provide such a fee-based password recovery service, then maybe legislation is needed to require them to do so.
Add to this the observation that Facebook is eerily close to Microsoft. Moments ago someone told us in an IRC channel that this pair had just taken it another step further and Facebook is like Hotmail 2.0 in some ways. For privacy, always stay away from proprietary software. █
____
* In addition, Steven J. Vaughan-Nichols wrote a few days ago that “Windows is insecure by design” and the context was as follows:
Windows is insecure by design and used by hundreds of millions and many of those users wouldn’t know an anti-virus program from Angry Birds. Millions of Windows computers, including maybe yours, are slave labor in one of the various botnets. Since we’re not going to be rid of Windows anytime soon and it’s not going to get any safer, the reality is that botnet-powered, brute-force DDoS attacks are only going to continue.
Actually, that’s not true. I think DDoS attacks are actually going more and more often. Here are some ways to mitigate them.
