--Brian Valentine, Microsoft executive
Windows are famously easy to smash
THOSE who pay close attention to the news (as we typically do) have lost count of the number of Microsoft back doors, affecting a large number of products and vast number of people. The whole spectrum of application has a plethora of ways to take over PCs and intercept messages. That's not even an accident.
"There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying "law enforcement"."Curiously enough, based on [1] (below), Microsoft continues to expose users on the Web, making its use of HTTPS a total sham, almost definitely by design (and intention). When users go to Outlook to read their E-mails things get even worse [2,3]. "Backdoor in Outlook Web Application operates inside target's firewall," to quote a Microsoft-friendly writer/publication.
Microsoft 'privacy' is a lie, as software like Skype serves to demonstrate. There is not even a denial that there are back doors and wiretapping (without warrant). They just excuse themselves by saying "law enforcement". The FBI never complains about encryption in Microsoft or Windows because there is none that's truly effective.
Don't believe what the media is saying right now about Vista 10 figures (e.g. number of devices or users) because these are lies, as we explained last week (many who tried Vista 10 moved away from it afterwards).
As Gupta's SAP blog concludes: "Note that Windows XP, Vista, 7, and 8 are all going down. With the exodus from Windows, if we as SAP don't create solutions on Linux and Mac/iOS, we will loose customers to those who do." ⬆
Related/contextual items from the news:
If you think using secure HTTP would be enough to protect your privacy when checking webmail, think again. When users connect to their Microsoft user account page, Outlook.com, or OneDrive.com even when using HTTPS, the connection leaks a unique identifier that can be used to retrieve their name and profile photo in plaintext.
A unique identifier called a CID is exposed because it's sent as part of a Domain Name Service lookup for the address of the storage server containing profile data and as part of the initiation of an encrypted connection. As a result, it could be used to track users when they connect to services from both computers and mobile devices, possibly even identifying users as their requests leave the Tor anonymizing network.
SECURITY RESEARCHERS FROM Cybereason have sounded a klaxon over a problem with the Microsoft Outlook Web Application (OWA) that could let attackers swoop in and tag and bag data and documents through the use of APT techniques.
Cybereason discovered the bug when a customer with some 19,000 endpoints suspected that it was the victim of infection.
Backdoor in Outlook Web Application operates inside target's firewall.