Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: ssfc72 on July 20, 2021, 08:36:36 AM

Title: China accused of hacking into Microsoft Exchange email service
Post by: ssfc72 on July 20, 2021, 08:36:36 AM
https://www.bbc.com/news/world-asia-china-57898147

I had to change my password on my Microsoft Hotmail email account because I was getting dozens of bounced emails showing up in my email account and they had my Hotmail address as the sender.
Once I changed my password, this problem stopped.
I never did get a notice from Microsoft, saying that their email service had been hacked and to change my password.

Quote from the article.
"Microsoft's Exchange system powers the email of major corporations, small businesses and public bodies worldwide. The hack affected at least 30,000 organisations."

Maybe it is time for me to move my email account, to the ProtonMail email service, with their encryption feature.
Title: Re: China accused of hacking into Microsoft Exchange email service
Post by: Jason on July 20, 2021, 08:51:08 PM
Your experience is disturbing. I don't know if Hotmail is done through Exchange servers but it certainly seems too coincidental in this case.

In any case, I'd prefer more people use encrypted mail services, some of which are free for limited uses or fairly cheap. But of course, the encryption only works (at least, easily) if both users are using encryption. There is a way for most encrypted email services to send an encrypted email but it requires the receiver to click o a URL that takes them to a website where they enter a password you've already given them.

It's not as pretty as Protonmail, but Tutanota gives you fewer limitations on their free account. You get 1 GB of storage and no per-day limit. Protonmal has 500 MB storage and 150 messages per day limit which might be fine depending on what you need it for. Tutanota's paid accounts are much cheaper. So the interface is alright, Tutanota is better. I have a paid account which is 1 euro a month (paid annually).
Title: Re: China accused of hacking into Microsoft Exchange email service
Post by: Jason on July 21, 2021, 09:38:33 PM
Did you want to use an encrypted email to protect your emails or because you think it's less likely to be broken into like your Hotmail likely was?
Title: Re: China accused of hacking into Microsoft Exchange email service
Post by: ssfc72 on July 22, 2021, 02:10:24 AM
I was interested in the Protonmail email service due to the encrypt feature, with the thought that all email on their servers would be encrypted. That would be good in the event someone/foreign state hack was successful of the email service.
However, you said the encryption only happens if the email sender and receiver both use Protonmail, so that would not be of much use to me, other than the Protonmail service is quite small compared to Gmail or Outlook/Hotmail and the hackers would target the larger email services.
Title: Re: China accused of hacking into Microsoft Exchange email service
Post by: Jason on July 22, 2021, 01:38:32 PM
Quote from: ssfc72 on July 22, 2021, 02:10:24 AM
However, you said the encryption only happens if the email sender and receiver both use Protonmail, so that would not be of much use to me, other than the Protonmail service is quite small compared to Gmail or Outlook/Hotmail and the hackers would target the larger email services.

Sorry, I should have been more clear. The email messages that are stored on the server are encrypted.

What I meant was that if you want to send an encrypted message to someone, they also need to be using the Protonmail server unless you agree on a password that you use and then it sends a link they click on and enter that password to read the message.

So, to reiterate, all your email on the server is encrypted regardless of if you send or receive an encrypted or non-encrypted email. So, if that's what you're looking for, Protonmail or Tutanota would be great. Tutanota just gives you more messages and a cheaper Premium account if you went that way. Tutanota also has an encrypted calendar but I think Protonmail has that, too. Both also use Open Source code.
Title: Re: China accused of hacking into Microsoft Exchange email service
Post by: ssfc72 on July 22, 2021, 02:38:37 PM
Ok Jason, thanks for the additional info.