Major Security Issues Already Found In Outlook For iOS And Android

[Guest]

Developer finds three major security blunders in Outlook for iOS and Android application.

Major Security Issues Already Found In Outlook For iOS And Android : Read more

 

[GMDS44]

and here I was about to install the APP into my work android phone.
I guess I will keep using gmail 5.1 for my exchange needs. It works just fine anyway.

 

[fleeb]

Isn't this a "Preview" version?

 

[wirefire99]

People who think ANY data is secure are fooling themselves. It is just about how easy it is got someone else got get it. This is overall pretty poor but if businesses continue to push for cloud based services, especially small businesses, they need to realize that their information, no longer belongs to them.

 

[crikey2]

Yes, stick with gmail - cause gmail definitely doesn't store your email and attachments on Google's servers

 

[GMDS44]

[quotemsg=15185257,0,217762]Yes, stick with gmail - cause gmail definitely doesn't store your email and attachments on Google's servers [/quotemsg]

I trust Google more than Microsoft when it comes to this matter.
Anyway, using an APP from the day it is realeased is just a bad IDEA overall. Wait a couple of months (yes months) before a decent/stable/secure version goes out.

 

[TileGuyJesse]

Not to mention the widget doesn't open. Oh wait, I just did.

 

[JorgTheElder]

I would not consider any of this a problem if the app warned you up front that is what is was doing. If I was using it with Office 365, I would have not problem with Microsoft storing my credentials.

However that fact that it provisioned such a cloud-based user-agent on my behalf is terrible. Almost as terrible as the fact that they provide no interface to de-provisions your account. Delete the client from all your devices and the cloud-based agent will continue accessing your email account about once a minute for some unknown amount of time.

I finally reset my password and deleted the device partnership to kill its access to my account.

 

[kep55]

And you were surprised that a Microsoft product had security flaws out the Wazoo?

 

[JorgTheElder]

[quotemsg=15187681,0,3004]And you were surprised that a Microsoft product had security flaws out the Wazoo?[/quotemsg]

They are not really flaws, they are design decisions and it actually works the same way other products do. However, other products tell you how they are working, and let you make some intelligent decisions.

I have no problem using the app as it is with an Office 365 account as I would not have an Office 365 account if I did not trust MS with my data. That said, the company I work for does not trust Microsoft with their data, and I think the app should have done a much better job letting me know what it intended to do with that data. It should also make it very easy for me to clean up the data when I am done with the service.

For now, they get a pass because I used prerelease software without reading the documentation. I would be much angrier if it was a shipping product.

 

[mrmez]

I figured it out the other day. It's M$' new anti piracy strategy.

Make everything so $h!t that nobody would even bother stealing it.

 

[FirstNameKevin]

And the fourth unmentioned security issue is the applications disregard for ActiveSync securotdevice security policies. Users who log in with the app are not required to have a pin or password on their device and the program does not allow for remote device wipe in the event if a lost or stolen device because they don't install a device administrator. I've already taken action to block the app from connecting to my company's Exchange server.

 

[alextheblue]

And you were surprised that a Microsoft product had security flaws out the Wazoo?

I figured it out the other day. It's M$' new anti piracy strategy.

Make everything so $h!t that nobody would even bother stealing it.

Except it's not truly an MS product at this point. They JUST bought it. It definitely needs a major overhaul, but where was this stink and outcry when it was being used by tons of people before MS bought them?

 

[Bob McGee]

How does it score on https://emailprivacytester.com/ ?

 

[freiheitner]

Any time a person inputs their username and password into any portion of an application, the developer of that app technically has access to that username and password. You don't know how they're using it behind the scenes.

 

[mrmez]

Make everything so $h!t that nobody would even bother stealing it.[/quote]
Except it's not truly an MS product at this point. They JUST bought it. It definitely needs a major overhaul, but where was this stink and outcry when it was being used by tons of people before MS bought them?
[/quotemsg]

That makes M$ even MORE stupid!

"Hey guys, let's buy this company, and rebrand all their software to M$!"

"Great idea, Jenkins. Do you think we should check the software thoroughly, to, you know... make sure we're not putting our precious company name on a hot steaming turd?"

"Well... we've redesigned the icons, is that enough?"