It’s official: full session SSL for Hotmail, more

By Kip Kniskern | In News | Posted November 9, 2010 37 comments

We’ve been telling you about full session SSL coming for Hotmail, and today an announcement on the Inside Windows Live blog makes it official: full session SSL is available for Hotmail, although it won’t work if you use a either Windows Live Mail, the Outlook Hotmail Connector, or The Windows Live application for Windows Mobile (version 6.5 and earlier) and Symbian. You’ll still have SSL access via Hotmail, but these clients will throw errors and you won’t be able to connect to your SSL enabled Hotmail accounts through them.

In addition, Dick Craddock announced on the blog post today that from now on, SkyDrive, Calendar, Docs, and Devices will all be automatically SSL enabled:

Also starting today, SkyDrive, Photos, Docs, and Devices pages all automatically use SSL encryption, transferring all their data over HTTPS. By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers, and your private information is less likely to fall into someone else’s hands.

He then goes on to hint that more security features are yet to come:

We’re constantly working to continue providing great security for our customers, so stay tuned.

Is this a big deal for you?  Have you enabled SSL for Hotmail?  Let us know in the comments.

Posted November 9th, 2010 at 1:43 pm
Category: News
Tags: Hotmail, SSL, SkyDrive, Wave 4
  • http://www.andrewtechhelp.com/ Andrew Tech Help

    Must take a 1/2hr or so for it to kick in properly, because I enabled it and Windows Live Mail seemed to continue to work normally.

  • http://www.andrewtechhelp.com/ Andrew Tech Help

    Must take a 1/2hr or so for it to kick in properly, because I enabled it and Windows Live Mail seemed to continue to work normally.

  • Joe

    I turn it on and windows live calendar stop working four me.

  • Joe

    I turn it on and windows live calendar stop working four me.

  • http://twitter.com/jmsoulsby James Soulsby

    Can’t as I use Windows Live Mail and have a WM6.5 phone. Any idea when updates for the clients will arrive? Until then it is unimplentatable as far as I’m concerned.

    • Damaster – LiveSide.net

      Use Exchange ActiveSync for your WM6.5 phone. According to MS, SSL still works over Exchange ActiveSync – and so all Windows Phone 7 users will not be affected as it uses EAS to sync with Hotmail.

  • James Soulsby

    Can’t as I use Windows Live Mail and have a WM6.5 phone. Any idea when updates for the clients will arrive? Until then it is unimplentatable as far as I’m concerned.

    • damaster

      Use Exchange ActiveSync for your WM6.5 phone. According to MS, SSL still works over Exchange ActiveSync – and so all Windows Phone 7 users will not be affected as it uses EAS to sync with Hotmail.

  • Asmodai

    I can access my hotmail at work where it is normally blocked via ssl (at least for now) which is nice but I use Live Mail at home so I don’t turn it always on, just bookmarked the https link at work.

  • Asmodai

    I can access my hotmail at work where it is normally blocked via ssl (at least for now) which is nice but I use Live Mail at home so I don’t turn it always on, just bookmarked the https link at work.

  • Anonymous

    Is SSL really that important? Sure it’s nice to have it, but it seems that many users have been doing fine without SSL for a long time. I use Windows Live Mail all the time for my main account anyhow.

  • http://macrosofter.wordpress.com/ quikboy

    Is SSL really that important? Sure it’s nice to have it, but it seems that many users have been doing fine without SSL for a long time. I use Windows Live Mail all the time for my main account anyhow.

  • Anonymous

    I turned it on and Windows Live Calendar stopped working for me as well. I had to turn it off so I could use Calendar.

    • Damaster – LiveSide.net

      From Ben Vincent (Microsoft spokesperson):

      Calendar is now fully functional over SSL (for users who opt-in).

      We are aware of an issue where the link from Hotmail to Calendar results in an error. This doesn’t break the SSL protection and can be worked around by connecting directly to https://calendar.live.com. We know exactly what the issue is and will be resolving it shortly.

  • Game_Over_Malik

    I turned it on and Windows Live Calendar stopped working for me as well. I had to turn it off so I could use Calendar.

    • damaster

      From Ben Vincent (Microsoft spokesperson):

      Calendar is now fully functional over SSL (for users who opt-in).

      We are aware of an issue where the link from Hotmail to Calendar results in an error. This doesn’t break the SSL protection and can be worked around by connecting directly to https://calendar.live.com. We know exactly what the issue is and will be resolving it shortly.

  • http://twitter.com/surilamin surilamin

    Yes, this is a big deal to me, as I increasingly have more sensitive information up in the cloud it needs to be more secure, I turned it full-session SSL on. I’m a Security Now listener, on Leo’s TWiT network, so I may be a little more paranoid than most.

    and yes Calendar did stop working for me too

  • http://twitter.com/surilamin surilamin

    Yes, this is a big deal to me, as I increasingly have more sensitive information up in the cloud it needs to be more secure, I turned it full-session SSL on. I’m a Security Now listener, on Leo’s TWiT network, so I may be a little more paranoid than most.

    and yes Calendar did stop working for me too

  • http://twitter.com/AmrEldib Amr Eldib

    #IE9 beta produces an error when visiting #Hotmail while SSL is enabled http://twitpic.com/35gumj

    • Damaster – LiveSide.net

      Try https://www.hotmail.com .

      I think the SSL certificate is set for the domain “mail.live.com”, hence the error you saw since you were trying to get to the domain “home.live.com” (but it will redirect to a mail.live.com address afterwards anyway). If you select “Continue to this website (not recommended)” you should still be able to get to it with no problems. =)

  • Amr Eldib

    #IE9 beta produces an error when visiting #Hotmail while SSL is enabled http://twitpic.com/35gumj

    • damaster

      Try https://www.hotmail.com .

      I think the SSL certificate is set for the domain “mail.live.com”, hence the error you saw since you were trying to get to the domain “home.live.com” (but it will redirect to a mail.live.com address afterwards anyway). If you select “Continue to this website (not recommended)” you should still be able to get to it with no problems. =)

  • http://imouto.my/ ranpha

    After enabling SSL, Hotmail broke with the latest FF4 beta. After disabling the SSL feature and Hotmail works again

  • http://imouto.my/ ranpha

    After enabling SSL, Hotmail broke with the latest FF4 beta. After disabling the SSL feature and Hotmail works again

  • http://twitter.com/KSSBlack Nick-KSSBLK

    Dissapointed that this has been released without an update for outlook connector & Live Mail apps.

  • http://twitter.com/KSSBlack Nick-KSSBLK

    Dissapointed that this has been released without an update for outlook connector & Live Mail apps.

  • Jkavanagh58

    I think its great but will wait until Windows Live Mail client supports it.

  • jkavanagh58

    I think its great but will wait until Windows Live Mail client supports it.

  • Anonymous

    It doesn’t work with Family Safety managed accounts :-(

  • http://alexsimkin.tumblr.com/ Alex Simkin

    It doesn’t work with Family Safety managed accounts :-(

  • http://webscannotes.com Lem

    With Hotmail joining Gmail in offering full-session encryption, Yahoo! Mail is probably feeling pressured to make a move soon.

  • http://webscannotes.com Lem

    With Hotmail joining Gmail in offering full-session encryption, Yahoo! Mail is probably feeling pressured to make a move soon.

  • http://webscannotes.com Lem

    With Hotmail joining Gmail in offering full-session encryption, Yahoo! Mail is probably feeling pressured to make a move soon.

  • Hotmail User

    Is SSL really a big deal? Well, yes it is if you don’t want strangers reading all of your e-mail/contacts/calendar events. Or sending email as you.

    Don’t keep anything important in your Hotmail emails? Have you used your Hotmail address as the “home” address for another service? Someone using Firesheep could get your Hotmail address, then could click a “forgot password” link on another website. The forgot password email would come into your hotmail account which they have access to. This other person could then access this other website you belong to.

    And they could delete the “forgot password” email in your Hotmail and then you may well not know about it until you tried to log into the other website. Sure you could reset the password, but damage may have already been done. And if the other website allows you to change your “home email” then they could change it from your Hotmail address to some other address and you’d be permanently locked out of that account. According to news articles this is all possible with Firesheep at a public Wifi access point. Sounds pretty serious to me.

    Regular users don’t know SSL from a hole in the ground and therefore SSL must be made the default option on Hotmail (like it is with Google) or the vast majority of users will remain unprotected against this security hole that is actively being exploited at public wifi spots such as airports, libraries, coffee shops, etc.

  • Hotmail User

    Is SSL really a big deal? Well, yes it is if you don’t want strangers reading all of your e-mail/contacts/calendar events. Or sending email as you.

    Don’t keep anything important in your Hotmail emails? Have you used your Hotmail address as the “home” address for another service? Someone using Firesheep could get your Hotmail address, then could click a “forgot password” link on another website. The forgot password email would come into your hotmail account which they have access to. This other person could then access this other website you belong to.

    And they could delete the “forgot password” email in your Hotmail and then you may well not know about it until you tried to log into the other website. Sure you could reset the password, but damage may have already been done. And if the other website allows you to change your “home email” then they could change it from your Hotmail address to some other address and you’d be permanently locked out of that account. According to news articles this is all possible with Firesheep at a public Wifi access point. Sounds pretty serious to me.

    Regular users don’t know SSL from a hole in the ground and therefore SSL must be made the default option on Hotmail (like it is with Google) or the vast majority of users will remain unprotected against this security hole that is actively being exploited at public wifi spots such as airports, libraries, coffee shops, etc.

  • Josh

    I don’t think it’s rolled out to me yet.

  • Josh

    I don’t think it’s rolled out to me yet.