1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Windows 8.1 using Microsoft / Outlook Account login affected by Heartbleed?

Discussion in 'Legacy Windows' started by IvanH, 2014/04/12.

  1. 2014/04/12
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    While I take a look at Microsoft.com, it seems okay to me for getting a "B" against Heartbleed, but then I am shocked that after so many days, the Microsoft Outlook.com is still getting an "F" (fail) in all tests. Remember that many Microsoft Account users are using Hotmail and Outlook for their Windows 8.1 account login.:mad:

    Please anyone update this thread when Microsoft has fixed everything.
     

    Attached Files:

    IvanH,
    #1
  2. 2014/04/12
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,214
    Likes Received:
    514
    Did you mean to Post here or in the Linux Forum? Neil.
     
    retiredlearner,
    #2


  3. to hide this advert.

  4. 2014/04/12
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Heartbleed is not just a Linux issue. Windows servers may also use openssl.
     
    TonyT,
    #3
  5. 2014/04/13
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Microsoft doesn't use OpenSSL, so is not affected by this.

    By the way, it is an SSL issue, so testing a non SSL site (www.Microsoft.com) is kinda dumb :(

    This is the site I get redirect to for Outlook mail:
     

    Attached Files:

    Admin.,
    #4
    IvanH and muddyfox like this.
  6. 2014/04/14
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    How do we check if a site is using OpenSSL? What are the other alternative technologies? (e.g. what Microsoft and Windowsbbs are using?)
     
    IvanH,
    #5
  7. 2014/04/14
    James Martin

    James Martin Geek Member

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    According to an LA Times article, OpenSSL is used by two thirds of the world's Web servers. That means numerous businesses and government organizations, including the United States, use OpenSSL to secure their websites.

    Here's a video about the OpenSSL situation...


    I watched it, but it didn't seem all that informative about how to protect oneself from hackers.

    EDIT: If you're concerned about whether your secure log-in sites are vulnerable to Heartbleed attacks, the Qualys SSL Labs scanner can tell you that. If a site is not vulnerable, it will be listed in green below the grading box.
     
    Last edited: 2014/04/14
    James Martin,
    #6
  8. 2014/04/15
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    You can't 'check' for it, since it's a 'back-end' service.

    As for Microsoft, they use their own encryption: Information on Microsoft Azure and Heartbleed

    As I said before: WindowsBBS doesn't use SSL, so there's nothing you can check. But yea, I updated OpenSSL on this server, so it is fixed for sites that use it.
     
    Admin.,
    #7
    IvanH likes this.
  9. 2014/04/15
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    Thanks Arie. Good job.
     
    IvanH,
    #8
  10. 2014/04/15
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    To clarify:

    There are hosting companies that offer Windows server and Linux server hosting where both use Apache Web servers, and openssl is used in such cases. It's an Apache library package.

    Servers running Windows Web server rather than Apache Web server don't use openssl.

    Passwords:

    Many articles are encouraging users to change passwords. But that's an illusionary safeguard because even if you change your passwords and the site has not patched its openssl, your passwords are still vulnerable to becoming stolen.
     
    TonyT,
    #9
    James Martin and virginia like this.
  11. 2014/04/15
    James Martin

    James Martin Geek Member

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79

    Agreed.

    The LA Times video said as much, too, but our local TV station is telling folks to change their passwords, but that is a moot point if a secure site is still vulnerable.
     
    James Martin,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...