Microsoft today enhanced the security for its Outlook Hotmail Connector tool that allows Outlook users to send and receive email via the company's web-based Hotmail service. The updated tool allows for HTTPS support, which encrypts all traffic between the email client and the online email service.
This is a followup to Microsoft's move back in November 2010 when the company introduced an all-HTTPS option to Hotmail. This was a reaction to a Firefox add-on called Firesheep that allowed anyone scan an unsecured WiFi network and hijack access to Facebook, Twitter, etc.
"Using a connection with HTTPS helps you be even more confident that your account is safer from hijackers, and that your private information remains private," Microsoft stated in a <a href="http://blogs.office.com/b/microsoft-outlook/archive/2011/07/07/https-sup... target="_blank">blog</a> post.
Microsoft has also updated the free downloadable email client, Windows Live Mail, to support HTTPS.
<blockquote>The main addition in this update is the support of the HTTPS protocol for all communication between Microsoft Outlook and Windows Live Hotmail, Calendar, and Contacts. Using a connection with HTTPS, helps you be even more confident that your account is safer from hijackers, and that your private information remains private. HTTPS is a standard for sensitive Internet content, and you’ll find it commonly used by banks, online merchants, and email providers such as Hotmail. HTTPS uses a certificate on the server to make sure that your computer is communicating with the intended server.</blockquote>
You can download the <a target="new" href="http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=... bit</a> or <a target="new" href="http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=... bit</a> version of Outlook Hotmail Connector for Outlook 2003, 2007, and 2010 on Windows.
Having HTTPS support is nothing new. Gmail has had HTTPS support for several years now. First introduced in 2008 as an option, Google made it default to use HTTPS in 2010.