Thursday, March 19, 2009

Hotmail login doesn't do HTTPS by default. ^.^?!

So, I almost never use my Hotmail or Y!Mail accounts anymore.

Too much spam, obviously.

So, today, I did my monthly email check. Nothing but spam in the both of them.

But I did notice something funny.

Logging into Yahoo! Mail took me to an SSL protected page, where-as logging into Hotmail took me to a regular HTTP page.

Now, I was extra concious of where I was on the web because this morning my Mom got scammed; she followed one of those 'reset your password' emails and lost a couple hundred dollars from her Paypal account.

So I gave her a 20 minute lecture (again) on not following those links. Frankly, she got off real lucky -- as far as I know he only took money from her account, and not a lot at that. The scammer could have done way worse.

So, after my high-and-mighty lecture, I notice that Hotmail doesn't do HTTPS by default. I totally lawl'd.

I've become used to seeing the SSL certificate in the browser bar as a way of verifying I'm where I meant to be, even though that's not exactly what it means. So I found Hotmail's lack of security on the login landing page very... unusual.

That's the end of this blog post!

No comments: