This is not necessary, as IMAP servers support server side search - there is no requirement for Microsoft or anyone else to have a login to do this. They said they do this to "enable server side search". Perhaps Microsoft is hashing the details when it stores them, but it has to have a way to retrieve the plain text version. They have to be, as the server I use only has plain text logins over TLS. There is only one conclusion from this, for my circumstances but probably in general: Microsoft is storing the log in details in plain text. I was expecting to see logins from my IP address. When I recently tried Office 365 for Mac, I set up Outlook. If you use MS Outlook with third party IMAP servers (presumably POP3 too, and Outlook), your login details are passed to Microsoft. Yep you thought it was just a random number+salt generator. That PHYSICALLY track ANY user that has it on their device, providing telemetry data every 5 minutes back to MS!!!! ![]() Then we have the dirty business of the MS authenticator It is all leading up to them selling "security services" in the cloud and them trying to force users into azure. Then adding in a system for users to bypass any store block put in place ,by making the store accessible from 365 webmail & finally adding in a "linked in back door ![]() whilst still leaving in a policy for blocking the store, that actually does not work if it is enabled. They have DELIBERATELY removed critical functionality from 365 & azure then put it behind a pay wall.Ī bit like inserting a DELIBERATE exploit into win10, that they did.īasically making it almost impossible to block the MS store in a business unless you are running the enterprise version. Iut is a deliberate policy, ready for the new microsoft protection systems they are selling. Make it a simple on-off setting, so when people want to travel they can turn it off, and access there device from anywhere, and then turn it back on again when they're home. Add in location blocking and I'd be willing to bet 99% of intrusions are stopped at source. They are usually simply lists of email addresses, with lists of previously leaked passwords, and try your luck. ![]() And that is not how the vast majority of attacks come in. Yes it wont stop a dedicated attack against me by someone using a VPN, but first the miscreants would need to know which country I'm in, to know which VPN to set up, before they could try to access my account. I do not know why this seems so hard for firms to implement. I just updated my password, noted that someone in America seemed to have successfully sync'd my account, and again regretted the fact there was no way to, for instance, simply block all attempts originating from outside of your registered country by selecting a specific setting within Outlook. I got this as well, and had not realised it was a Microsoft IP address.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |