They keep putting new lipstick on that pig.
Whoopsie daisy...
What made the discovery especially strange was that affected users allegedly had SSL/TLS enabled in Outlook. Yet many of those same accounts were still connecting over port 110, the old unencrypted POP3 port, rather than port 995, which is typically used for encrypted POP3 traffic.
According to the report, Outlook appeared to ignore the SSL/TLS selection entirely in certain configurations and continued sending authentication traffic over insecure connections without properly warning users.
They keep putting new lipstick on that pig.
Whoopsie daisy...
>What made the discovery especially strange was that affected users allegedly had SSL/TLS enabled in Outlook. Yet many of those same accounts were still connecting over port 110, the old unencrypted POP3 port, rather than port 995, which is typically used for encrypted POP3 traffic.
>
According to the report, Outlook appeared to ignore the SSL/TLS selection entirely in certain configurations and continued sending authentication traffic over insecure connections without properly warning users.