July 27, 2013

How Microsoft handed the NSA access to encrypted messages

 

• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply

 
 
Skype logo

Skype worked with intelligence agencies last year to allow Prism to collect video and audio conversations. Photograph: Patrick Sinkel/AP

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.” The company reiterated its argument that it provides customer data “only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers”.

In June, the Guardian revealed that the NSA claimed to have “direct access” through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.

Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft’s latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: “Your privacy is our priority.”

Similarly, Skype’s privacy policy states: “Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content.”

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats

A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”

Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked “for many months” with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about”.

The NSA explained that “this new capability will result in a much more complete and timely collection response”. It continued: “This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.”

A separate entry identified another area for collaboration. “The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.”

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. “In the past, Skype made affirmative promises to users about their inability to perform wiretaps,” he said. “It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google.”

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism”.

The document continues: “The FBI and CIA then can request a copy of Prism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance – and a US company’s efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: “In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate.”

• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.

Permalink • Print • Comment

June 2, 2011

10 add-ins that make Outlook easier to use

May 26, 2011, 8:00 AM PDT

Takeaway: If you can’t do something in Outlook, chances are there’s an add-in that can. Susan Harkins lists some handy add-ins that close a few feature gaps.

Outlook is a winner in the add-in department, with so many good ones available. Of course, not all add-ins deliver on their promises — and some slow down an already performance-challenged program. But there are plenty of Outlook add-ins that expand functionality or enhance existing features. Here are 10 of my favorites.

 

1: RecoverMyEmail

Outlook is a great management tool, but it’s prone to corruption errors. Usually, a corrupt PST file is the culprit, and the result is lost information. If you’re lucky, Microsoft’s pst repair tool can recover everything. But in my experience, it doesn’t.

 

RecoverMyEmail can repair a broken PST (and DBX) file and recover emails. Figure A shows the add-in at work; the process can take a while. This add-in can also undelete email after you’ve emptied your Deleted Items folder. It’s easy to implement and use. Unfortunately, it won’t recover or undelete anything but email items. You’ll have to look elsewhere for help recovering contacts and calendar items.

Click Open Email File to start the recovery process.
  • Windows 2000, XP, 2003, and Vista
  • Outlook 2000, 2002, 2003, and 2007 (and Outlook Express)
  • $99.95
  • Free trial

2: E-mail Follow-up

Outlook lets you assign a reminder when you send email and then adds the reminder to your To-do list. If you need more (like me), try E-mail Follow-up. This add-in lets you set a response time when you send an email, as shown in Figure B. If the recipient doesn’t respond within the allotted time, the add-in will remind you that you’re still waiting on a response.

 

Set a response time and let E-mail Follow-up do the remembering for you.
  • Windows 2000, XP, 2003, Vista, and 7
  • Outlook 2000, XP, 2003, 2007, and 2010
  • $24 (single user) up to $1200 (for 100 users)
  • Free trial

3: Lookeen

Despite improvements in Outlook’s search features, many users are still turning to Lookeen. It quickly finds Outlook items, email, contacts, appointments, and so on, that contain your search string. Even attachments are searched. Results are easy to work with and provide an additional management tool for previewing, moving, and deleting.

 

Type in the search string and Lookeen finds every item that contains that string.
  • Windows XP, Vista, and 7
  • Outlook 2003, 2007, and 2010
  • $39.80 (single user) with volume discount
  • Free trial

4: Xobni

It happens to all of us: I know John changed the meeting time after Mary said she couldn’t make it… but you can’t find the message with the new time. And when you finally find it, you realize that John’s assistant, and not John, responded with the new time. Xobni works alongside your mail window to display recent conversations, exchanged files (Figure D), and related emails from people in the copy line. You can also view statistics and graphs that will tell you about your email habits.

 

View people and attached files related to a specific email.
  • Windows XP, Vista, and 7
  • Outlook 2003, 2007, and 2010
  • $7.99 a month
  • Free trial

5: SimplyFile

Despite my best efforts, my Inbox stays crowded. I can drag messages to categorized folders, but I have many folders and I’m good at dropping messages into the wrong folder. SimplyFile does what Outlook does, but a bit more efficiently. After a little training (SimplyFile, not you), a single click to the SimplyFile group, shown in Figure E, will move messages. As you use this add-in, its ability to choose the right folder improves. (This add-in doesn’t support Google Docs and has known issues with Gmail.)

 

With SimplyFile, filing is a single click away.
  • Windows XP, Vista, and 7
  • Outlook 2003, 2007, and 2010
  • $49.95
  • Free trial

6: Email Scheduler

Outlook offers a bare-bones scheduling feature. You specify a day and time, and Outlook won’t send the message before the allotted time. If you’re scheduling messages frequently, you’ll probably want more options. Email Scheduler fully automates scheduling delayed messages and sending messages. You can attach files and even whole folders. Although this is a handy add-in, be sure to check its restrictions before purchasing — it doesn’t work with Outlook Express or Exchange Client.

  • Windows 2000, XP, 2003, Vista, and 7
  • Outlook 2000, XP, 2003, and 2007
  • $24 (single user) up to $1200 (100 users)
  • Free trial

7: Sent Item Organizer

Occasionally, I run into an add-in that doesn’t add functionality, it just lets me do what I want to do more efficiently. Sent Item Organizer lets your organize your sent messages by filing them in specific folders. This add-in is more flexible than Outlook’s built-in rules. You can use keywords or email addresses to trigger the move. This add-in is also good for users who need more control but are unfamiliar with Outlook features.

  • Windows XP, Vista, and 7
  • Outlook 2000, XP, 2003, 2007, and 2010
  • $29.95
  • Free trial

8: Easy2Add

The coolest stuff comes sometimes comes in the smallest package. Easy2Add displays a small icon in your task tray. When you want to add a new item to Outlook, click the icon and enter the item. That’s all you see, but behind the scenes, it creates a new item in Outlook even if Outlook is closed. Want to add a quick lunch meeting? You don’t have to launch Outlook and wait for all those add-ins to load — just use Easy2Add, enter the details (Figure F), and you’re done. You’ll have to follow a few rules about the text you enter, but they’re simple. (Note: The documentation doesn’t list Outlook 2010, but so far, so good; just keep that in mind if you use it with 2010.)

 

Enter item details without launching Outlook.
  • Windows XP and Vista
  • Outlook 2002, 2003, and 2007
  • Free

9: PocketKnife Peek

PocketKnife Peek lets you view HTML messages in plain text without the potential danger of executing a malicious script. After installing this add-in, you’ll find a Peek button on the standard toolbar in Outlook 2000 through 2007. In Outlook 2010, it’s on the Add-In tab. Select the email item and click Peek. Figure G shows an issue of the Office For Mere Mortals newsletter in plain text. (No, I wasn’t really worried about the newsletter. OfMM has been around for ages and is clean and informative!

 

Click the tabs to view an HTML email in plain text.
  • Windows XP, Vista, and 7
  • Outlook 2000, XP, 2003, 2007, and 2010
  • Free

10: SMS

Microsoft’s SMS add-in lets you send SMS text messages through most mobile phones. In addition, you can save a draft, send to groups, print the SMS, and forward a message as SMS or email. You can lookup contacts and use Spellcheck. Connect your mobile phone via Infrared, Bluetooth, or even a USB cable and you’re ready to go.

  • Windows Server 2003, XP, Vista
  • Outlook 2003 and 2007
  • Free
Permalink • Print • Comment

April 4, 2010

Use Outlook with Yahoo! Mail

Applies to

You can use Outlook with many Yahoo! Mail e-mail accounts. However, free Web browser-based Yahoo! Mail accounts based in China, Taiwan, or the United States can only be used in Outlook if you have a paid subscription Yahoo! Mail account that includes POP3 access and forwarding.

You can receive your Yahoo! Mail e-mail messages by using Outlook from most places with an Internet connection. Yahoo! Mail provides you access to an authenticated SMTP server — legal viagra allowing you to send e-mail messages using Outlook from your Yahoo! Mail account when you use another Internet service, such as at your office or when traveling.

 Note   Yahoo also provides mail services to partner Internet service providers (ISPs) (ISP: A business that provides access to the Internet for such things as electronic mail, chat rooms, or use of the World Wide Web. Some ISPs are multinational, offering access in many locations, while others are limited to a specific region.). All of these accounts can use be used with Outlook. See the chart at the end of this article to see if your e-mail account is included.

Do one of the following:

Add your Yahoo! Mail e-mail account

  1. On the Tools menu, click E-mail Accounts.
  2. Click Add a new e-mail account, and then click Next.
  3. Click POP3, and then click Next.
  4. Under User Information, do the following:
    1. In the Your Name box, type your full name the way that you want it to appear to other people.
    2. In the E-mail Address box, type your Member ID (or username), followed by the @ symbol and domain name.
  5. Under Server Information, do the following:
    1. In the Incoming mail server (POP3) box, type the server name from the chart below that corresponds to your e-mail address.
    2. In the Outgoing mail server (SMTP) box, type the server name from the chart below that corresponds to your e-mail address.
  6. Under Logon Information, do the following:
    1. In the User Name box, type your Yahoo Member ID (or username). Do not include the @ symbol or domain name.
    2. In the Password box, type your password.
    3. Select the Remember password check box.

       Note   You have the option to have Outlook remember your password by typing it in the Password box and selecting the Remember password check box. Having Outlook remember your password means that you won't have to type your password each time you access the account; however, it also means that the account is vulnerable to anyone who has access to your computer.

      Use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Passwords should be 8 or more characters in length. A pass phrase that uses 14 or more characters is better. For more information, see Help protect your personal information with strong passwords.

      It is critical that you remember your password. If you forget your password, Microsoft cannot retrieve it. Store the passwords that you write down in a secure place away from the information that they help protect.

  7. To verify that your account is working, click Test Account Settings. If there is missing or incorrect information, such as your password, you will be prompted to supply or correct it. Make sure your computer is connected to the Internet.
  8. Click More Settings.
  9. On the General tab, under Mail Account, type Yahoo! Mail.
  10. Click the Outgoing Server tab, and then select the My outgoing server (SMTP) requires authentication check box.
  11. Click Use same settings as my incoming mail server, and then click OK.
  12. Click Next, and then click Finish.

 Notes 

  • Do not select the Log on using Secure Password Authentication (SPA) check box.
  • Unless specified by Yahoo! Mail, all server and address entries are typed in lowercase letters.

Remove your Yahoo! Mail e-mail account

  1. On the Tools menu, click E-mail Accounts.
  2. Click View or change existing e-mail accounts, and then click Next.
  3. Click the Yahoo! Mail e-mail account that you want to remove, and then click Remove.
  4. Click Finish.

Yahoo! Mail server information

E-mail address Incoming mail server (POP3) Outgoing mail server (SMTP)

Yahoo partner ISPs in the United States

E-mail address Incoming mail server (POP3) Outgoing mail server (SMTP)
MemberID@yahoo.com pop.mail.yahoo.com smtp.mail.yahoo.com

Permalink • Print • Comment

Add a Gmail account in Outlook

You can send and receive e-mail messages by using your Google Gmail e-mail account and Outlook. Gmail requires a Secure Sockets Layer (SSL) encrypted connection when you retrieve and send e-mail. Gmail uses POP3 port number 995 and Simple Mail Transfer Protocol (SMTP) port number 465. These settings are not the default for a POP3 account in Outlook and require you to modify account settings in Outlook.

The outgoing e-mail server is similar to those used by many Internet service providers (ISPs). However, Gmail requires authentication on their SMTP e-mail server. This requirement means that you must provide a user name and password — the same as your Gmail screen name and password — before you send your e-mail message. You can save the user name and password in Outlook so that you enter the information just one time.

The following steps configure Outlook for all necessary settings required to send and receive e-mail by using your Gmail e-mail account and Outlook.

 Note   When you change your Gmail password, you need to update the Gmail account information in Outlook.

Do one of the following:

Add your Gmail e-mail account

To use your Gmail e-mail account in Outlook, you must first make sure POP3 support is enabled in Gmail, and then you can add it to Outlook.

  1. Log in to your Gmail account.
  2. At the top of any Gmail page, click Settings.
  3. In the Mail Settings window, click Forwarding and POP.

    I don't see Forwarding and POP

  4. In the POP Download section, select Enable POP or all mail or Enable POP only for mail that arrives from now on.
  5. Click Save Settings.
  6. In Outlook, on the Tools menu, click E-mail Accounts.
  7. Click Add a new e-mail account, and then click Next.
  8. Click POP3, and then click Next.
  9. Under User Information, do the following:
    1. In the Your Name box, type your full name the way you want it to appear to other people.
    2. In the E-mail Address box, type your e-mail user name followed by @gmail.com.
  10. Under Server Information, do the following:
    1. In the Incoming mail server (POP3) box, type pop.gmail.com.
    2. In the Outgoing mail server (SMTP) box, type smtp.Gmail.com.
  11. Under Logon Information, do the following:
    1. In the User Name box, type your full e-mail address, including @gmail.com.
    2. In the Password box, type your password.
    3. Select the Remember password check box.

       Note   You have the option to have Outlook remember your password by typing it in the Password box and selecting the Remember password check box. Having Outlook remember your password means that you won't have to type your password each time you access the account; however, it also means that the account is vulnerable to anyone who has access to your computer.

  12. Click More Settings.
  13. On the General tab, under Mail Account, type Gmail.
  14. Click the Outgoing Server tab, and then select the My outgoing server (SMTP) requires authentication check box.
  15. Select Use same settings as my incoming mail server.
  16. Click the Advanced tab, and then under Server Port Numbers for both Incoming server (POP3) and Outgoing server (SMTP), select the This server requires an encrypted connection (SSL) check boxes.
  17. Change the Outgoing server (SMTP) port number to 465.

    The Incoming server (POP3) port number should change automatically to 995 when you select the This server requires an encrypted connection (SSL) check box.

  18. Click OK.
  19. To verify that your account is working, click Test Account Settings. If there is missing or incorrect information, such as your password, you will be prompted to supply or correct it. Make sure your computer is connected to the Internet.
  20. Click Next, and then click Finish.

  Notes  

  • Do not select the Log on using Secure Password Authentication (SPA) check box.
  • Unless specified by Gmail, all server and address entries are typed in lowercase letters.

Remove your Gmail e-mail account

  1. On the Tools menu, click E-mail Accounts.
  2. Click View or change existing e-mail accounts, and then click Next.
  3. Click the Gmail e-mail account you want to remove, and then click Remove.
  4. Click Finish.

 Note   You can export your Outlook Contacts as a Comma Separated Values (.csv) file and import your contacts into your Gmail account. For help on exporting and importing your Outlook Contacts, see the See Also section in this article.

Permalink • Print • Comment

Use Outlook with Comcast e-mail

Applies to
Microsoft Office Outlook® 2003
Microsoft Outlook® 2002

You can use Outlook with your Comcast e-mail account. The following steps will set up Outlook to both receive and send e-mail messages with your Comcast account.

Note  You can receive your Comcast e-mail messages by using Outlook from most places with an Internet connection. Comcast provides you access to an authenticated SMTP server — allowing you to send e-mail messages using Outlook from your Comcast account when you are using another Internet service, such as at your office or when traveling.

Do one of the following:

Add your Comcast e-mail account

  1. On the Tools menu, click E-mail Accounts.
  2. Select Add a new e-mail account, and then click Next.
  3. Select POP3, and then click Next.
  4. Under User Information, do the following:
    1. In the Your Name box, type your full name the way you want it to appear to other people.
    2. In the E-mail Address box, type your e-mail user name followed by @comcast.net.
  5. Under Server Information, do the following:
    1. In the Incoming mail server (POP3) box, type mail.comcast.net.
    2. In the Outgoing mail server (SMTP) box, type smtp.comcast.net.
  6. Under Logon Information, do the following:
      is generic viagra safe

    1. In the User Name box, type your user name provided by Comcast.
    2. In the Password box, type your password.
    3. Select the Remember password check box.

      Note  You have the option to have Outlook remember your password by typing it in the Password box and selecting the Remember password check box. Having Outlook remember your password means that you won't have to type your password each time you access the account; however, it also means that the account is vulnerable to anyone who has access to your computer. Use strong passwords that combine upper- and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Use a strong password that you can remember so that you don't have to write it down.

  7. To verify that your account is working, click Test Account Settings. If there is missing or incorrect information, such as your password, you will be prompted to supply or correct it. Make sure your computer is connected to the Internet.
  8. Click More Settings.
  9. On the General tab, under Mail Account, type Comcast.

    Note  If you are attempting to send and receive Comcast e-mail messages from a location where you are not directly connected to Comcast, such as at work or when travelling, see the Notes section for additional steps.

  10. Click OK, and then click Next.
  11. Click Finish.

Notes

  • Do not select the Log on using Secure Password Authentication (SPA) check box.
  • Unless specified by Comcast, all server and address entries are typed in lowercase letters.
  • To send and receive e-mail messages with your Comcast account when you are not directly connected to the Comcast service, such as at work or when travelling, you must use the following:
    1. After step 9 above, click the Outgoing Server tab, and then select the My outgoing server (SMTP) requires authentication check box.
    2. Select Use same settings as my incoming mail server.
    3. Continue with step 10 above.

Remove your Comcast e-mail account

  1. On the Tools menu, click E-mail Accounts.
  2. Select View or change existing e-mail accounts, and then click Next.
  3. Click the Comcast e-mail account you want to remove, and then click Remove.
  4. Click Finish.

Permalink • Print • Comment
Next Page »
Made with WordPress and an easy to use WordPress theme • Sky Gold skin by Denis de Bernardy