Microsoft beefs up security, privacy of online services

Summary: [UPDATED] The company is improving encryption for Outlook.com and OneDrive users and aiming to boost confidence of foreign governments in their integrity.

Microsoft has announced several improvements to the encryption used in their online services. The announcement comes in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security.

Both Outlook.com and OneDrive have enabled Perfect Forward Secrecy (PFS), an encryption technique by which parties use a different encryption key for every connection, making it more difficult for attackers to decrypt connections. Google has been the leader in PFS, having enabled it for many of their services since 2011.

[UPDATE: To clarify, Microsoft says that PFS protects connections between the Outlook.com server (mail.live.com) and other email providers, not the connection between the end user and the Outlook.com server.]

Outlook.com is also making more extensive use of Transport Layer Security (TLS) when communicating with other mail systems. Both when sending and receiving mail, Outlook.com will use TLS if the other server supports it. This will make it very difficult for any party listening in to the data transfer to read the communications.
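An administrator can check both properties described above (opportunistic TLS between mail servers, and forward secrecy on that connection) from the sending side. The Python sketch below is an added example, not code from Microsoft or from the original article; the function names and the `mx.example.net` placeholder are assumptions.

```python
import smtplib
import ssl
import sys

# Key-exchange tokens that mean ephemeral (EC)DH in OpenSSL- and IANA-style names.
# Static DH/ECDH ("DH-", "ECDH-") and plain RSA key transport are not forward secret;
# anonymous suites (ADH/AECDH) are deliberately not accepted here.
_EPHEMERAL_KX = ("ECDHE", "DHE", "EDH")


def has_forward_secrecy(cipher_name, protocol):
    """Return True if the negotiated suite uses an ephemeral key exchange."""
    # TLS 1.3 full handshakes always use (EC)DHE, and its suite names
    # (e.g. TLS_AES_256_GCM_SHA384) do not mention the key exchange.
    if protocol == "TLSv1.3":
        return True
    tokens = cipher_name.upper().replace("_", "-").split("-")
    return any(t in _EPHEMERAL_KX for t in tokens)


def probe_smtp(host, port=25, timeout=10):
    """Connect like a sending mail server and report what STARTTLS negotiates."""
    # Default context: certificate and hostname are verified, so a server with
    # an invalid certificate raises ssl.SSLError instead of returning a result.
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Server does not offer TLS: mail would be sent in clear text.
            return {"starttls": False, "cipher": None, "protocol": None, "pfs": False}
        smtp.starttls(context=ctx)
        name = smtp.sock.cipher()[0]    # negotiated cipher suite name
        protocol = smtp.sock.version()  # e.g. "TLSv1.2" or "TLSv1.3"
    return {"starttls": True, "cipher": name, "protocol": protocol,
            "pfs": has_forward_secrecy(name, protocol)}


if __name__ == "__main__":
    # Placeholder host; pass the MX host of a mail domain you administer.
    target = sys.argv[1] if len(sys.argv) > 1 else "mx.example.net"
    print(probe_smtp(target))
```

The result reflects only the suite negotiated with this client's preferences; a server may still accept non-forward-secret suites from other peers.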

The company also announced their first "Transparency Center," this one in Redmond, WA. At these centers, participating governments can analyze Microsoft source code to confirm that there are no "back doors" by which other parties (of course we're talking about Microsoft or the US government) could monitor communications. Microsoft had previously announced a Brussels Transparency Center. The concerns are valid, as Germany recently ended a contract with Verizon over fears that the company was enabling US surveillance.

That the announcement came on their "Microsoft on the Issues" blog shows that the thrust of this announcement is to boost confidence in Microsoft's services in the wake of revelations of governments monitoring and reading private communications.


Talkback

5 comments
  • It all sounds nice...

    But is totally wiped out by a single NSL.
    jessepollard
  • They improved security for outlook.com?

    Really? Did they?
    Please go look here: https://www.ssllabs.com/ssltest/analyze.html?d=outlook.com

    Regards
    Marco Ermini
    • Thanks, I'm looking into this

      (nt)
      larry@...
    • look at live.com

      OneDrive's actual domain is onedrive.live.com which does support PFS: https://www.ssllabs.com/ssltest/analyze.html?d=onedrive.live.com

      Outlook is mail.live.com which is better than outlook.com, but still shows no PFS: https://www.ssllabs.com/ssltest/analyze.html?d=mail.live.com
      larry@...
  • Too little, too late

    Microsoft has shown itself to be American first, secure a very distant second. It destroyed Skype security, and has been offering online services that are clearly not secure enough.

    The company has a lot of ground to make up in order to persuade customers to trust it. They must already be bleeding customers, before other countries have yet had the opportunity to develop serious alternatives to many MS products. It will get worse.
    Postulator