Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Denies HTTPS Shutdown Was Intentional

Posted by timothy on from the trial-balloon-popped-is-all dept.

jbrodkin writes "Microsoft acknowledged that Hotmail's HTTPS encryption service was shut off for users in some countries, but denied that it was because of an intentional ploy to limit email security in countries that have experienced anti-government protests and limits on freedom of expression. 'We do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world,' Microsoft said. Syria, Morocco, Bahrain, Iran, Lebanon, Jordan and Algeria were among the affected countries, but the problem is now resolved."

49 of 69 comments (clear)

  1. I'm inclined to believe them by darien.train · · Score: 1, Interesting

    I'm not sure in what context I can imagine MS agreeing to turn off HTTPS to serve these dictators. There are better ways to help a dictator than change something that everyone can clearly see.

    --
    I don't know how many years on this Earth I got left. I'm going to get real weird with it. - Frank Reynolds
    1. Re:I'm inclined to believe them by gandhi_2 · · Score: 1

      Hanlon's razor ftw.

      --
      THL phish sticks
    2. Re:I'm inclined to believe them by Anonymous Coward · · Score: 1

      Don't forget the corollary. "Any sufficiently advanced stupidity is indistinguishable from malice." Microsoft lives by this one.

    3. Re:I'm inclined to believe them by GumphMaster · · Score: 1

      Curious, I would have assumed that such an action would be done to benefit US Government eavesdroppers, removing the need for decryption processing or pesky legal process, rather than the leadership of those various countries.

      --
      Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
    4. Re:I'm inclined to believe them by initialE · · Score: 2

      I'm inclined to believe them too. As it turns out, by giving root signing keys to Windows to despotic organizations (http://twitter.com/#!/marshray/status/29637858365022208) there is hardly a need to disable HTTPS anyway. As long as you are on a Windows computer, any SSL traffic you send can be intercepted.

      --
      Starbucks, Harbuckle of Breath.
    5. Re:I'm inclined to believe them by zimtmaxl · · Score: 1

      That's bad publicity. And this error must lead to a loss of users due to lost trust in the reliability of it's operation. If I were using hotmail I'd switch to Gmail or some other trusted provider.
      What could be the advantage of such a measure - if it was on purpose?!

      --
      how IT is changing the world - http://max.zamorsky.name
    6. Re:I'm inclined to believe them by RockDoctor · · Score: 1
      You seem to think that the interests of the USgovt eavesdroppers and the leaderships of these various countries diverge.

      Why would you believe that? These countries are important supporters of the USgovt's War For Terror (TM, all rights reserved and acknowledged) ; the interests of these govts (status quo, continued energy sales) remain aligned,

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. Yep by LBArrettAnderson · · Score: 4, Insightful

    There were people who RTFA and sources (unlike the /. editor who accepted it) the first time around who posted this information in the comments section. There never should have been a story in the first place.

    1. Re:Yep by tsm_sf · · Score: 1

      There never should have been a story in the first place.

      "Hotmail HTTPS temporarily disabled in scary-dictator-lands" is still news, even if it was the result of a mistake.

      --
      Literalism isn't a form of humor, it's you being irritating.
    2. Re:Yep by LBArrettAnderson · · Score: 1

      Fair enough, but surely there could have just been one article.

      "Well, apparently if you actually RTFA and the sources for TFA, there is this other important bit of information that we left out of the summary in which we jumped to all the wrong conclusions..." (I know this won't quiet down the conspiracy theorists, but the fact that MS was open about this from the beginning makes them a bit more believable than coming out with a new story a few days later).

    3. Re:Yep by Macthorpe · · Score: 1

      I was most amused about the fact that they corrected the story on Slashdot... because they didn't mention Yahoo HTTPS is a paid for service. The actual false story remained up and unchallenged until now, despite the many comments saying it was wrong.

      --
      "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
  3. Other countries affected... by Horizontal_Mode · · Score: 2

    From TFA: "The HTTPS option had also been disabled in Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan and Kyrgyzstan."

    "Hotmail users in the affected countries can turn the always-use-HTTPS feature back on by changing the country in their profile to any of the countries in which this feature has not been disabled, such as the United States, Germany, France, Israel or Turkey,"
    --------
    Sounds "regional" to me *cough*

  4. Incompetance or Malfeasance by relikx · · Score: 1, Flamebait

    I like when large multinational corporations give us such inspiring choices.

  5. Re:Wow. what a coincidence. by Sc4Freak · · Score: 4, Insightful

    1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands
    2) Several countries in the Middle East are experiencing unrest, therefore
    3) IT MUST BE INTENTIONAL!!11

  6. Re:In Before Microsoft Astroturfers? by bmo · · Score: 1

    I think I threw up a little.

    --
    BMO

  7. Re:Wow. what a coincidence. by Anonymous Coward · · Score: 1

    They didn't want to point it out publicly but the inside work is it was caused upstream by problems with a recent Squid release, a new unknown developer inserted some buggy code that went unchecked. The countries in question use that instead of ISA server (number 1 product in the developed world) which is a little more costly in the short term but saves money over the long run.

  8. Re:Wow. what a coincidence. by unity100 · · Score: 2

    why did such a thing NOT happen at any given point, before ?

    --
    Read radical news here
  9. Re:Wow. what a coincidence. by Anonymous Coward · · Score: 2, Interesting

    Do you mean coincidence that /. and other press only focused on the small list of ones that had unrest and didn't bother to list all the of other countries affected? or coincidence that people choose to comment on it like it was a fact without actually checking?

  10. They didn't shut off HTTPS by lseltzer · · Score: 3, Interesting

    People who had opted into HTTPS in all these countries could still use it. It's just that other users couldn't opt in. And they fixed it quickly when it was brought up. Why would anyone suppose it was intentional? And the Bahamas, Cayman Islands, and Fiji were also affected. I suppose Microsoft was sucking up to their dictators?

    1. Re:They didn't shut off HTTPS by Demonantis · · Score: 1

      Simplest answer would be that Microsoft has divided the world up into regions(not exactly geographically, but some other system). A switch got thrown for the one regions and someone noticed and tried to connect dots as the region's countries would have similar aspects.

    2. Re:They didn't shut off HTTPS by Gadget_Guy · · Score: 1

      Fiji is run by a dictatorship. What is your point?

      And the Bahamas and Cayman Islands? What is YOUR point? That the original poster was wrong because of one incorrect example? Do you have any proof that this was some massive international conspiracy?

    3. Re:They didn't shut off HTTPS by rhizome · · Score: 1

      Why would anyone suppose it was intentional?

      Because Microsoft is a huge company and they have processes that prevent random links from being removed from important pages accidentally. At least, I assume they would. Certainly you aren't suggesting that some developer fatfingered ^C (or whatever) and committed it straight to the production environment, are you?

      --
      When I was a kid, we only had one Darth.
    4. Re:They didn't shut off HTTPS by tokul · · Score: 1

      Why would anyone suppose it was intentional?

      It was not intentional. No suc^H^H^H agency asked it.

    5. Re:They didn't shut off HTTPS by Dilaudid · · Score: 1

      "What is YOUR point? That the original poster was wrong because of one incorrect example?"

      seems like a fair point to me. List of 18 countries that it's banned in, 3 are non-dictatorships, which is supposed to make some kind of point, except one of those is actually ... a dictatorship.

      This is not proof, just evidence.

    6. Re:They didn't shut off HTTPS by lseltzer · · Score: 1

      I don't suppose this would impress you, but the CIA says that Fiji has a multiparty constitional democracy.

    7. Re:They didn't shut off HTTPS by lseltzer · · Score: 1

      The national anthem of Fiji

    8. Re:They didn't shut off HTTPS by zippthorne · · Score: 1

      Wait... when did a spy agency charged with foreign operations and run by the notoriously corrupt State Department become the trusted source of geopolitical data?

      --
      Can you be Even More Awesome?!
    9. Re:They didn't shut off HTTPS by gad_zuki! · · Score: 1

      The real problem (other than morons who love conspiracy theories) is that hotmail https is a mess. I use the hotmail plugin in Outlook and because of that I can't enable https. It breaks the plugin. Yet, my phone can do ssl-based activesync with hotmail.

      MS needs to up their game and start fixing https issues. Heck, they should make https the default and stop letting people use weak passwords. I think a live account can have a 4 character password with just letters.

    10. Re:They didn't shut off HTTPS by isorox · · Score: 1

      Why would anyone suppose it was intentional?

      Because Microsoft is a huge company and they have processes that prevent random links from being removed from important pages accidentally. At least, I assume they would. Certainly you aren't suggesting that some developer fatfingered ^C (or whatever) and committed it straight to the production environment, are you?

      The entire web presence of the BBC was off-line last night due to a cockup.

    11. Re:They didn't shut off HTTPS by tlhIngan · · Score: 1

      Or more likely, there was a bug in some change made, and it affected everyone. Just those in the affected countries had mass numbers of people trying to enable it for obvious reasons that it appeared to break there. The rest of the world either had it set or didn't know it existed.

      After all, we don't know if it affected people in the US who set it, went "meh" and forgot all about it when it didn't appear to work (or they didn't notice). The folks in the middle east tried it en-masse and noticed it didn't work.

      After all, if you get 100,000 reports of it not working in the middle east and maybe 10 of the same thing outside there, you'd think the 10 were doing it wrong and it wasn't working only in the middle east.

      Plus the fact that it worked for those who has it set long before only made matters more confusing.

  11. Re:Wow. what a coincidence. by westlake · · Score: 1

    With this 'accidental' shutdown, microsoft successfully covered all of the countries that were experiencing unrest

    Even The Register put a damper on this story: Microsoft: Mystery bug blocks Syrian secure Hotmail - Sun worshipers and fat cats hit too

  12. Re:Wow. what a coincidence. by Anonymous Coward · · Score: 1

    Correlation != Causation

    If you've been on the internet for more than 5 minutes you'd already know that by now.

  13. Re:Wow. what a coincidence. by pankajmay · · Score: 1

    Correlation != Causation

    Right you are.

  14. Re:Wow. what a coincidence. by nedlohs · · Score: 2

    They've only had the thing available for four and a half months. The Tunisian protests started over 3 months ago.

    This current unrest covers over 72% of the total time the feature has been available. Why would you expect it to have happened in the tiny window before them?

  15. Re:Wow. what a coincidence. by Gadget_Guy · · Score: 1

    why did such a thing NOT happen at any given point, before ?

    Good question. At any given time in history, there is civil unrest going on somewhere in the world. Some oppressive regime will be clamping down on their citizens. So why did this thing NOT happen at all those given points before?

    If this was a demonstration of a policy of helping out dictatorships, then why has it not been apparent on previous occasions. I suppose that you could say that this is a new policy, but then that would devalue your intimation that this is proof of malevolent intentions. It could just as easily be the first time that this bug appeared.

    Given that others here have pointed out that this didn't stop HTTPS from working (only from allowing new people to opt use it) and that it didn't just affect countries that are currently undergoing unrest then I think it seems more likely that this was just some bug.

  16. Re:Wow. what a coincidence. by grcumb · · Score: 3, Insightful

    1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands 2) Several countries in the Middle East are experiencing unrest, therefore 3) IT MUST BE INTENTIONAL!!11

    Not to take away from your argument (I agree that Hanlon's Razor applies here) but the South Pacific island nation mentioned in the Register story is Fiji, which is currently ruled military junta that regularly practices censorship and suppresses both free speech and fair journalism. Of all the nations mentioned, the only one that I saw that doesn't have a government that's anti-free-press is the Bahamas. (Congo might count, but only because it doesn't really have a functioning government.)

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  17. Re:Wow. what a coincidence. by hairyfeet · · Score: 2

    They rolled out a new feature and ...surprise surprise! There was bugs! Some of the islands in the South Pacific were also affected IIRC, are they having revolutions and someone forgot to tell us?

    As for why there, well duh! You are talking about a whole bunch of different languages, most of which I'm betting really aren't that high on their "spend resources on QA" checklist. And if they were doing it intentionally, they wouldn't have left it trivial to turn back on by either checking a checkbox on startup or using a simple FF plugin. And this was what...six days from bug found to bug fixed, with workarounds announced at the time of the bug? Paranoid much?

    So if you want to blame them for not doing as much QA as they should before they rolled out the update? Total agreement, they should have done more testing before flipping the switch. But trying to say this was some nefarious plot is a little too much tinfoil hattery friend. I mean I thought everyone here agreed that MSFT 1.0 equals seriously buggy? Isn't that why "Wait for SP1" is practically a mantra?

    --
    ACs don't waste your time replying, your posts are never seen by me.
  18. Re:Wow. what a coincidence. by xclr8r · · Score: 1

    When you see a correlation you investigate it to see whether there is causation. You don't ignore it; Otherwise we would all still be flinging feces at each other instead of text across the internet.

    --
    Beware of those who profit off the docile and persecute the unbelievers.
  19. Re:Wow. what a coincidence. by Archangel+Michael · · Score: 1

    woah woah woah woah. "They" must be planning something for the Bahamas.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  20. Re:Wow. what a coincidence. by mug+funky · · Score: 1

    no, but the two are highly correlated.

  21. Re:Wow. what a coincidence. by mug+funky · · Score: 1

    If this was a demonstration of a policy of helping out dictatorships, then why has it not been apparent on previous occasions

    well, there was the case with "pirate" software in Russia being investigated only in anti-govt organisations within Russia.

    true, MS eventually acknowledged this problem and moved to correct it.

    what's more worthy of asking is why even risk the bad PR when MS have no interest in oppression of states with relatively little money.

  22. Re:In Before Microsoft Astroturfers? by mug+funky · · Score: 1

    probably not too much, or they'd be more believable.

    personally i suspect some botman is trying to land a job at MS with all this.

  23. Fool me once, shame on you... by FriendlyLurker · · Score: 3, Informative

    ...but Microsoft is trying to fool us twice... yeah, shame on us.

    Choice quote below, the parallel with this http "bug" is impressive::

    When I originally wrote about this issue [bing Chinese search censorship] back in June, Microsoft protested. “From what you described, that’s not the way Bing is supposed to work,” wrote Kevin Kutz, a company spokesman. He said that Chinese speakers at Microsoft could not replicate my results and did not detect this kind of skewed result. I sent screen shots, and then Microsoft acknowledged the issue but said that it was simply a temporary mistake. “It’s a bug,” Kutz told me. Later, he added: “What’s important is it’s getting fixed.” Soon, he said, Bing searches would be the same for Tiananmen and other sensitive subjects, whatever the language.

    (Thanks to pushing-robot for originally posting the link on /. here.

  24. Re:Wow. what a coincidence. by xMrFishx · · Score: 1

    Yeah if they turn it into a "warzone" they can invade for many months and camp out on the beaches before declaring peace and a good sun tan.

  25. I agree, but lives were put at risk by GameboyRMH · · Score: 1

    It's understandable that this was a mistake, I suspected that from the beginning, but this doesn't change the fact that Microsoft has put FAR more lives at risk than Wikileaks ever did, so I expect some US military representative to show up on a major news channel any minute now and say Microsoft has blood on their hands. Any minute now.

    Just a matter of time.

    Still waiting...???

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  26. Woul they ever admit to it though by hesaigo999ca · · Score: 1

    No one ever admits to bending over and taking it up the arse, especially for a country where their regime forces you to silence what they want you to. I guess with all the other MS BS stories running around here, they are trying to bring up their market shares with non sense, just my 2 cents....must be nearing quarter time, and want to up the stats...

  27. Really now... by kyrio · · Score: 1

    Does anyone here really think that the people who are using hotmail actually know anything about security or if https is on or off? The same goes for the huge majority of people using any webmail (or any computer in general).

  28. Re:Wow. what a coincidence. by Archangel+Michael · · Score: 1

    It worked for Reagan in Grenada ...

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  29. Re:Wow. what a coincidence. by ReedYoung · · Score: 1

    In what previous political upheavals have these technologies been so instrumental? Iran, maybe, but I would say not even then.

    --
    "I can't imagine how things could get any worse!" (some guy) "That could just be failure of imaginatioÂn on your p