
Microsoft Denies HTTPS Shutdown Was Intentional

timothy posted more than 3 years ago | from the trial-balloon-popped-is-all dept.

Microsoft 69

jbrodkin writes "Microsoft acknowledged that Hotmail's HTTPS encryption service was shut off for users in some countries, but denied that it was because of an intentional ploy to limit email security in countries that have experienced anti-government protests and limits on freedom of expression. 'We do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world,' Microsoft said. Syria, Morocco, Bahrain, Iran, Lebanon, Jordan and Algeria were among the affected countries, but the problem is now resolved."

69 comments

I'm inclined to believe them (1, Interesting)

darien.train (1752510) | more than 3 years ago | (#35661616)

I'm not sure in what context I can imagine MS agreeing to turn off HTTPS to serve these dictators. There are better ways to help a dictator than change something that everyone can clearly see.

Re:I'm inclined to believe them (1)

gandhi_2 (1108023) | more than 3 years ago | (#35661708)

Hanlon's razor ftw.

Re:I'm inclined to believe them (1)

Anonymous Coward | more than 3 years ago | (#35662432)

Don't forget the corollary. "Any sufficiently advanced stupidity is indistinguishable from malice." Microsoft lives by this one.

Fool me once, shame on you... (3, Informative)

FriendlyLurker (50431) | more than 3 years ago | (#35663900)

...but Microsoft is trying to fool us twice [nytimes.com] ... yeah, shame on us.

Choice quote below, the parallel with this http "bug" is impressive:

When I originally wrote about this issue [bing Chinese search censorship] back in June, Microsoft protested. “From what you described, that’s not the way Bing is supposed to work,” wrote Kevin Kutz, a company spokesman. He said that Chinese speakers at Microsoft could not replicate my results and did not detect this kind of skewed result. I sent screen shots, and then Microsoft acknowledged the issue but said that it was simply a temporary mistake. “It’s a bug,” Kutz told me. Later, he added: “What’s important is it’s getting fixed.” Soon, he said, Bing searches would be the same for Tiananmen and other sensitive subjects, whatever the language.

(Thanks to pushing-robot for originally posting the link on /. here [slashdot.org].)

Re:I'm inclined to believe them (1)

GumphMaster (772693) | more than 3 years ago | (#35662638)

Curious, I would have assumed that such an action would be done to benefit US Government eavesdroppers, removing the need for decryption processing or pesky legal process, rather than the leadership of those various countries.

Re:I'm inclined to believe them (1)

RockDoctor (15477) | more than 3 years ago | (#35813002)

You seem to think that the interests of the USgovt eavesdroppers and the leaderships of these various countries diverge.

Why would you believe that? These countries are important supporters of the USgovt's War For Terror (TM, all rights reserved and acknowledged) ; the interests of these govts (status quo, continued energy sales) remain aligned,

Re:I'm inclined to believe them (2)

initialE (758110) | more than 3 years ago | (#35662986)

I'm inclined to believe them too. As it turns out, by giving root signing keys to Windows to despotic organizations (http://twitter.com/#!/marshray/status/29637858365022208) there is hardly a need to disable HTTPS anyway. As long as you are on a Windows computer, any SSL traffic you send can be intercepted.

Re:I'm inclined to believe them (1)

zimtmaxl (667919) | more than 3 years ago | (#35663718)

That's bad publicity. And this error must lead to a loss of users due to lost trust in the reliability of its operation. If I were using hotmail I'd switch to Gmail or some other trusted provider.
What could be the advantage of such a measure - if it was on purpose?!

Re:I'm inclined to believe them (0)

Anonymous Coward | more than 3 years ago | (#35666284)

I didn't realize gmail garnered more trust than hotmail.

I agree, but lives were put at risk (1)

GameboyRMH (1153867) | more than 3 years ago | (#35665236)

It's understandable that this was a mistake, I suspected that from the beginning, but this doesn't change the fact that Microsoft has put FAR more lives at risk than Wikileaks ever did, so I expect some US military representative to show up on a major news channel any minute now and say Microsoft has blood on their hands. Any minute now.

Just a matter of time.

Still waiting...???

Wow. what a coincidence. (0, Troll)

unity100 (970058) | more than 3 years ago | (#35661642)

With this 'accidental' shutdown, microsoft successfully covered all of the countries that were experiencing unrest .... That would be hard even with an i.t. department hell bent on pulling that off intentionally.

Hurp. (0)

Anonymous Coward | more than 3 years ago | (#35661652)

Derp.

Re:Wow. what a coincidence. (4, Insightful)

Sc4Freak (1479423) | more than 3 years ago | (#35661714)

1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands
2) Several countries in the Middle East are experiencing unrest, therefore
3) IT MUST BE INTENTIONAL!!11

Re:Wow. what a coincidence. (2)

unity100 (970058) | more than 3 years ago | (#35661756)

why did such a thing NOT happen at any given point, before ?

Re:Wow. what a coincidence. (1)

Anonymous Coward | more than 3 years ago | (#35661964)

Correlation != Causation

If you've been on the internet for more than 5 minutes you'd already know that by now.

Re:Wow. what a coincidence. (1)

pankajmay (1559865) | more than 3 years ago | (#35662070)

Correlation != Causation

Right you are.

Re:Wow. what a coincidence. (1)

xclr8r (658786) | more than 3 years ago | (#35662664)

When you see a correlation you investigate it to see whether there is causation. You don't ignore it; otherwise we would all still be flinging feces at each other instead of text across the internet.

Re:Wow. what a coincidence. (1)

mug funky (910186) | more than 3 years ago | (#35662894)

no, but the two are highly correlated.

Re:Wow. what a coincidence. (2)

nedlohs (1335013) | more than 3 years ago | (#35662148)

They've only had the thing available for four and a half months. The Tunisian protests started over 3 months ago.

This current unrest covers over 72% of the total time the feature has been available. Why would you expect it to have happened in the tiny window before them?

Re:Wow. what a coincidence. (1)

Gadget_Guy (627405) | more than 3 years ago | (#35662162)

why did such a thing NOT happen at any given point, before ?

Good question. At any given time in history, there is civil unrest going on somewhere in the world. Some oppressive regime will be clamping down on their citizens. So why did this thing NOT happen at all those given points before?

If this was a demonstration of a policy of helping out dictatorships, then why has it not been apparent on previous occasions? I suppose that you could say that this is a new policy, but then that would devalue your intimation that this is proof of malevolent intentions. It could just as easily be the first time that this bug appeared.

Given that others here have pointed out that this didn't stop HTTPS from working (only from allowing new people to opt to use it) and that it didn't just affect countries that are currently undergoing unrest then I think it seems more likely that this was just some bug.

Re:Wow. what a coincidence. (1)

mug funky (910186) | more than 3 years ago | (#35662922)

If this was a demonstration of a policy of helping out dictatorships, then why has it not been apparent on previous occasions

well, there was the case with "pirate" software in Russia being investigated only in anti-govt organisations within Russia.

true, MS eventually acknowledged this problem and moved to correct it.

what's more worthy of asking is why even risk the bad PR when MS have no interest in oppression of states with relatively little money.

Re:Wow. what a coincidence. (1)

ReedYoung (1282222) | more than 3 years ago | (#35692258)

In what previous political upheavals have these technologies been so instrumental? Iran, maybe, but I would say not even then.

Re:Wow. what a coincidence. (3, Insightful)

grcumb (781340) | more than 3 years ago | (#35662220)

1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands 2) Several countries in the Middle East are experiencing unrest, therefore 3) IT MUST BE INTENTIONAL!!11

Not to take away from your argument (I agree that Hanlon's Razor applies here) but the South Pacific island nation mentioned in the Register story is Fiji, which is currently ruled by a military junta that regularly practices censorship and suppresses both free speech and fair journalism. Of all the nations mentioned, the only one that I saw that doesn't have a government that's anti-free-press is the Bahamas. (Congo might count, but only because it doesn't really have a functioning government.)

Re:Wow. what a coincidence. (1)

Archangel Michael (180766) | more than 3 years ago | (#35662862)

woah woah woah woah. "They" must be planning something for the Bahamas.

Re:Wow. what a coincidence. (1)

xMrFishx (1956084) | more than 3 years ago | (#35664454)

Yeah if they turn it into a "warzone" they can invade for many months and camp out on the beaches before declaring peace and a good sun tan.

Re:Wow. what a coincidence. (1)

Archangel Michael (180766) | more than 3 years ago | (#35668350)

It worked for Reagan in Grenada ...

Re:Wow. what a coincidence. (0)

Anonymous Coward | more than 3 years ago | (#35668100)

What with the wikileaks debacle and the public rebellions in some middle east countries this is possibly a move to stop a worldwide series of revolutions. If people in the U.S. or Canada took a week off work to educate themselves about government abuses we would probably take to the streets as well. While our quality of life is better we are perhaps even less involved in the actual governance of our countries than some of these other nations.
 
  Right wing or left wing doesn't matter, neither side would complain about putting credit card companies up against a wall and letting loose.

Re:Wow. what a coincidence. (1)

Anonymous Coward | more than 3 years ago | (#35661730)

They didn't want to point it out publicly but the inside word is it was caused upstream by problems with a recent Squid release, a new unknown developer inserted some buggy code that went unchecked. The countries in question use that instead of ISA server (number 1 product in the developed world) which is a little more costly in the short term but saves money over the long run.

Re:Wow. what a coincidence. (0)

mug funky (910186) | more than 3 years ago | (#35662972)

one more, motherfucker!

just one more unsolicited pro-microsoft astroturf and i'm coming after you!

don't think i can't find you, either.

Re:Wow. what a coincidence. (0)

Anonymous Coward | more than 3 years ago | (#35661754)

It covered neither "all the countries experiencing unrest" nor "only countries experiencing unrest".

Re:Wow. what a coincidence. (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35661758)

Do you mean coincidence that /. and other press only focused on the small list of ones that had unrest and didn't bother to list all of the other countries affected? or coincidence that people choose to comment on it like it was a fact without actually checking?

Re:Wow. what a coincidence. (2)

hairyfeet (841228) | more than 3 years ago | (#35662448)

They rolled out a new feature and ...surprise surprise! There was bugs! Some of the islands in the South Pacific were also affected IIRC, are they having revolutions and someone forgot to tell us?

As for why there, well duh! You are talking about a whole bunch of different languages, most of which I'm betting really aren't that high on their "spend resources on QA" checklist. And if they were doing it intentionally, they wouldn't have left it trivial to turn back on by either checking a checkbox on startup or using a simple FF plugin. And this was what...six days from bug found to bug fixed, with workarounds announced at the time of the bug? Paranoid much?

So if you want to blame them for not doing as much QA as they should before they rolled out the update? Total agreement, they should have done more testing before flipping the switch. But trying to say this was some nefarious plot is a little too much tinfoil hattery friend. I mean I thought everyone here agreed that MSFT 1.0 equals seriously buggy? Isn't that why "Wait for SP1" is practically a mantra?

Yep (4, Insightful)

LBArrettAnderson (655246) | more than 3 years ago | (#35661672)

There were people who RTFA and sources (unlike the /. editor who accepted it) the first time around who posted this information in the comments section. There never should have been a story in the first place.

Re:Yep (1)

tsm_sf (545316) | more than 3 years ago | (#35662590)

There never should have been a story in the first place.

"Hotmail HTTPS temporarily disabled in scary-dictator-lands" is still news, even if it was the result of a mistake.

Re:Yep (1)

LBArrettAnderson (655246) | more than 3 years ago | (#35662714)

Fair enough, but surely there could have just been one article.

"Well, apparently if you actually RTFA and the sources for TFA, there is this other important bit of information that we left out of the summary in which we jumped to all the wrong conclusions..." (I know this won't quiet down the conspiracy theorists, but the fact that MS was open about this from the beginning makes them a bit more believable than coming out with a new story a few days later).

Re:Yep (1)

Macthorpe (960048) | more than 3 years ago | (#35664800)

I was most amused about the fact that they corrected the story on Slashdot... because they didn't mention Yahoo HTTPS is a paid for service. The actual false story remained up and unchallenged until now, despite the many comments saying it was wrong.

Other countries affected... (2)

Horizontal_Mode (1970618) | more than 3 years ago | (#35661682)

From TFA: "The HTTPS option had also been disabled in Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan and Kyrgyzstan."

"Hotmail users in the affected countries can turn the always-use-HTTPS feature back on by changing the country in their profile to any of the countries in which this feature has not been disabled, such as the United States, Germany, France, Israel or Turkey,"
--------
Sounds "regional" to me *cough*

Incompetence or Malfeasance (1, Flamebait)

relikx (1266746) | more than 3 years ago | (#35661694)

I like when large multinational corporations give us such inspiring choices.

In Before Microsoft Astroturfers? (-1)

Anonymous Coward | more than 3 years ago | (#35661696)

Aw hell, if you can't beat them, join them:

Hotmail is one of the first "cloud" applications ever. Microsoft's experience with "cloud computing" is therefore top-notch! I'm sure HTTPS being shut off had more to do with ongoing enhancements to the Azure platform [microsoft.com] than anything else. Even Gartner Group [gartner.com] agrees that Azure marks Microsoft's beginning of their inevitable cloudscape dominance.

It's possible that Microsoft is working on a replacement for HTTPS, and that the Azure platform [microsoft.com] is being rolled out in these despotic nations as a humanitarian gesture. Microsoft's commitment to Open Source Software [codeplex.com] and top-notch development tools [microsoft.com] really overcomes any possible negative press or stock valuation that might arise from this minor mishap.

Re:In Before Microsoft Astroturfers? (1)

bmo (77928) | more than 3 years ago | (#35661720)

I think I threw up a little.

--
BMO

Re:In Before Microsoft Astroturfers? (0)

Anonymous Coward | more than 3 years ago | (#35661760)

Was it that believable? Wow, I might have a career as a professional M$ shill. I wonder how much they pay?

Re:In Before Microsoft Astroturfers? (1)

mug funky (910186) | more than 3 years ago | (#35662988)

probably not too much, or they'd be more believable.

personally i suspect some botman is trying to land a job at MS with all this.

They didn't shut off HTTPS (3, Interesting)

lseltzer (311306) | more than 3 years ago | (#35661906)

People who had opted into HTTPS in all these countries could still use it [windowslivehelp.com] . It's just that other users couldn't opt in. And they fixed it quickly when it was brought up. Why would anyone suppose it was intentional? And the Bahamas, Cayman Islands, and Fiji were also affected. I suppose Microsoft was sucking up to their dictators?

Re:They didn't shut off HTTPS (0)

zonky (1153039) | more than 3 years ago | (#35662004)

Fiji is run by a dictatorship. What is your point?

Re:They didn't shut off HTTPS (1)

Gadget_Guy (627405) | more than 3 years ago | (#35662216)

Fiji is run by a dictatorship. What is your point?

And the Bahamas and Cayman Islands? What is YOUR point? That the original poster was wrong because of one incorrect example? Do you have any proof that this was some massive international conspiracy?

Re:They didn't shut off HTTPS (1)

Dilaudid (574715) | more than 3 years ago | (#35663898)

"What is YOUR point? That the original poster was wrong because of one incorrect example?"

seems like a fair point to me. List of 18 countries that it's banned in, 3 are non-dictatorships, which is supposed to make some kind of point, except one of those is actually ... a dictatorship.

This is not proof, just evidence.

Re:They didn't shut off HTTPS (1)

lseltzer (311306) | more than 3 years ago | (#35664716)

I don't suppose this would impress you, but the CIA says that Fiji has a multiparty constitutional democracy [cia.gov].

Re:They didn't shut off HTTPS (1)

zippthorne (748122) | more than 3 years ago | (#35664868)

Wait... when did a spy agency charged with foreign operations and run by the notoriously corrupt State Department become the trusted source of geopolitical data?

Re:They didn't shut off HTTPS (0)

Anonymous Coward | more than 3 years ago | (#35673358)

Living in Fiji here... Posting AC for obvious reasons... That page is at least 5 years out of date... While our dictator seems serious about having elections in 2014, at this moment in time, Fiji is still a dictatorship.

Re:They didn't shut off HTTPS (1)

Demonantis (1340557) | more than 3 years ago | (#35662206)

Simplest answer would be that Microsoft has divided the world up into regions (not exactly geographically, but some other system). A switch got thrown for the one region and someone noticed and tried to connect dots as the region's countries would have similar aspects.

Re:They didn't shut off HTTPS (1)

rhizome (115711) | more than 3 years ago | (#35663094)

Why would anyone suppose it was intentional?

Because Microsoft is a huge company and they have processes that prevent random links from being removed from important pages accidentally. At least, I assume they would. Certainly you aren't suggesting that some developer fatfingered ^C (or whatever) and committed it straight to the production environment, are you?

Re:They didn't shut off HTTPS (1)

isorox (205688) | more than 3 years ago | (#35666456)

Why would anyone suppose it was intentional?

Because Microsoft is a huge company and they have processes that prevent random links from being removed from important pages accidentally. At least, I assume they would. Certainly you aren't suggesting that some developer fatfingered ^C (or whatever) and committed it straight to the production environment, are you?

The entire web presence of the BBC was off-line last night due to a cockup.

Re:They didn't shut off HTTPS (1)

tokul (682258) | more than 3 years ago | (#35663188)

Why would anyone suppose it was intentional?

It was not intentional. No suc^H^H^H agency asked it.

Re:They didn't shut off HTTPS (1)

gad_zuki! (70830) | more than 3 years ago | (#35665862)

The real problem (other than morons who love conspiracy theories) is that hotmail https is a mess. I use the hotmail plugin in Outlook and because of that I can't enable https. It breaks the plugin. Yet, my phone can do ssl-based activesync with hotmail.

MS needs to up their game and start fixing https issues. Heck, they should make https the default and stop letting people use weak passwords. I think a live account can have a 4 character password with just letters.

Re:They didn't shut off HTTPS (1)

tlhIngan (30335) | more than 3 years ago | (#35667358)

Or more likely, there was a bug in some change made, and it affected everyone. Just those in the affected countries had mass numbers of people trying to enable it for obvious reasons that it appeared to break there. The rest of the world either had it set or didn't know it existed.

After all, we don't know if it affected people in the US who set it, went "meh" and forgot all about it when it didn't appear to work (or they didn't notice). The folks in the middle east tried it en-masse and noticed it didn't work.

After all, if you get 100,000 reports of it not working in the middle east and maybe 10 of the same thing outside there, you'd think the 10 were doing it wrong and it wasn't working only in the middle east.

Plus the fact that it worked for those who had it set long before only made matters more confusing.

Re:They didn't shut off HTTPS (0)

Anonymous Coward | more than 3 years ago | (#35668184)

Those seem like good places to head off to if you've just pulled a major scam, like rich Americans so often do :)
 
  Correlation with Bill Gates' cottages doesn't = causation but it'd be an interesting angle :)

hmmm (0)

Anonymous Coward | more than 3 years ago | (#35661996)

1. turn off https
2. ???
3. Profit

Friends don't let friends (0)

Nyder (754090) | more than 3 years ago | (#35662510)

use MS products.

A little logic... (0)

plastick (1607981) | more than 3 years ago | (#35663054)

I'm surprised to see all the people jumping to the defense of Microsoft. Wow.

Let's see...

1.) they accidentally turned off all the encryption in all the countries that are trying to overthrow their government
2.) the current governments are very very very rich and powerful
3.) it's all because of a "bug" and has nothing to do with these governments at all (a couple of extra countries are thrown in to "prove" it's not on purpose)

Ya right. lol

So you think that Microsoft has now gone completely ethical and wouldn't do such a thing to seal up a bunch of software deals for these countries? And would they do something so visible like turn off encryption? Umm... ya! Look at all the people posting who buy into Microsoft's "amazing coincidence" hotmail bug. Point made. Never underestimate marketing, propaganda, and "experts". Also, remember Microsoft's track record for arrogance (they think that you are all dumbasses) and thinking they are untouchable.

Let me just make this crystal clear. If it was legal for Microsoft (or any other multinational corporation) to act like a dictator and it would make a ton of cash, they would act just like a dictator.

Re:A little logic... (0)

Anonymous Coward | more than 3 years ago | (#35664790)

1) You don't like Microsoft.
2) You didn't read the story, only the highly inflammatory and provably false Slashdot summary.
3) Therefore, you've assumed that this couldn't possibly be an accident based on your personal feelings and an incomplete version of the facts.

I think my version is more accurate than yours.

I am scared (0)

Anonymous Coward | more than 3 years ago | (#35663510)

I am scared by the fact that they _can_ do it selectively.......


It is not the fact that this occurred, but (0)

Anonymous Coward | more than 3 years ago | (#35664844)

the likelihood that they did drop this intentionally and are now lying, that makes them so frustrating as a company. Seriously. The story was in /. and so many places and yet it was not stopped INSTANTLY. That alone says that it was intentional.

Would they ever admit to it though (1)

hesaigo999ca (786966) | more than 3 years ago | (#35665418)

No one ever admits to bending over and taking it up the arse, especially for a country where their regime forces you to silence what they want you to. I guess with all the other MS BS stories running around here, they are trying to bring up their market shares with nonsense, just my 2 cents....must be nearing quarter time, and want to up the stats...

Really now... (1)

kyrio (1091003) | more than 3 years ago | (#35665694)

Does anyone here really think that the people who are using hotmail actually know anything about security or if https is on or off? The same goes for the huge majority of people using any webmail (or any computer in general).

Hanlon's Razor (0)

Anonymous Coward | more than 3 years ago | (#35674804)

Never attribute to malice that which is adequately explained by stupidity.
http://en.wikipedia.org/wiki/Hanlon's_razor

M$ fail (1)

luk3Z (1009143) | more than 3 years ago | (#35676406)

M$ fail (again)...