Microsoft Office 365 Exposing User’s IP Address in Emails





Microsoft Office 365's webmail interface has been accused for exposing the user's IP address injected into the message as an extra mail header.

This news comes as a rather major warning to those who resorted to Office 365 webmail interface to hide their IP address, because in reality they are not concealing anything.

The service injects an extra mail header into the email called x-originating-IP that contains the IP address of the connecting client, which for this situation is the user's local IP address and this all happens when an email is sent via Office 365 (https://outlook.office365.com/).

BleepingComputer even came around to test the webmail interfaces for Gmail, Yippee, AOL, Outlook.com (https://outlook.live.com), and Office 365.

As for Microsoft, it has removed the x-originating-IP header field in 2013 from Hotmail to offer their users much better security and privacy.

"Please be informed that Microsoft has opted to mask the X-Originating IP address. This is a planned change on the part of Microsoft in order to secure the well-being and safety of our customers."

However for Office 365, who 'caters to the enterprise', this header was deliberately left in so that admins could scan for email that has been sent to their respective organization from a specific IP address. This was particularly helpful for finding the location of a sender in the event of an account getting hacked.

And for Office 365 admins who don't wish to keep utilizing this header, they are allowed to make another new rule in the Exchange admin center that easily removes the header.



In any case, for security and auditing purposes, it is most likely a more shrewd decision to keep it enabled.


Gmail's Confidential Mode for G-Suite to be Launched on June 25




In an attempt to mature its email services, Google rolled out a privacy-centric feature called as ‘confidential mode’ which according to the announcements made by the company will be available for all the G suite users in the month of June. Reportedly, in 2018, a beta version of the feature has been launched in the month of August.
The feature is well-built to serve the users and their sensitive information; once available, the mode is configured to “be set to default ON for all domains with Gmail enabled, unless you choose to disable this feature" as per the Google announcements.
With the newly added Confidential Mode turned on, users are aided with inbuilt information rights management controls which allow them to set a specific expiration date for emails that will delete them automatically after the set deadline and they can also, revoke sent emails.
This groundbreaking feature of Gmail will also allow users to send self-destructing emails that will restrict forwarding and block printing to other users. 
As the officials further explained, “Because a sender can require additional authentication via text message to view an email, it’s also possible to protect data even if a recipient’s email account has been hijacked while the message is active."

How to use confidential mode

First of all, ensure that you are using the new version of Gmail which can be activated from the gear icon at the top.
Now open Gmail and click on compose, at the bottom of the mailbox will appear a tiny clock icon, click on that icon to configure the settings of that mail.  
You will have to go through this procedure for each mail you wish to use the feature with as the mode is configured on a per-email basis.



Google Using Gmail to Track User Purchases




The privacy of Gmail took a severe hit after a Reddit user's take on the matter related to privacy, he shared how he found that his Google Account's Purchases page carried a record of all his purchases made from other online platforms like Amazon; notably, it included the purchases made without using Google Pay.

Prior to appearing into your Google account, your Gmail messages undergo scanning by Google for purchases which happen at the expense of the privacy that the platform was supposedly providing.

While briefing his experience, the Reddit user told that when he checked his Google Account Purchases page, he discovered that the Purchases page also consists a record of the purchases he made from Adidas, Dominos, Amazon, Steam and some other online stores. To put the things into perspective, he further told that he does not use Google Pay.

On being enquired on the matter, Google stated that the source of information was Gmail messages. They also confirmed that the company is not making use of purchases or any other data stored in user emails and that this was configured to aid users in finding and tracking their valuable data.

Referencing from the company's statements, “To help you easily view and keep track of your purchases, bookings, and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at, any, time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page. We're always working to help people understand and manage their data.”



Google Maps, Gmail, Drive, Facebook and Instagram Suffered Outage




Google addressed an influx of complaints it received from the users regarding the misbehavior of its popular services like Gmail, YouTube, and Google Drive among others. Users all across the world were troubled by the outage of the services they heavily rely upon for various day-to-day activities. 

Though the cause of the outage has not been confirmed, the issues of the users were addressed by Google.

Besides Google, Youtube has also received complaints by its users which it addressed on Twitter telling them that the platform is aware of the service disruption and the problems faced by its users. Alongside, YouTube assured the sufferers that it is already looking into the matter and will come up with a fix.

Notably, YouTubers and content creators were facing problems while uploading videos and viewers were unable to watch the videos smoothly.

Addressing the issues with Google Drive, the company said, “We’re investigating reports of an issue with Google Drive. We will provide more information shortly. The affected users are able to access Google Drive, but are seeing error messages, high latency, and/or other unexpected behavior.”

Similarly, for Gmail, the company stated, we’re investigating reports of an issue with Gmail. We will provide more information shortly. The affected users are able to access Gmail but are seeing error messages, high latency, and/or other unexpected behavior.

Furthermore, Google mentioned in its G Suite Status Dashboard that the issue has been rectified and the services, i.e., Gmail and Google Drive will be functioning properly soon.

“The problem with Google Drive should be resolved. We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better.”

While acknowledging the disruptions faced by its Cloud Engine, Google said, “We are still seeing the increased error rate with Google App Engine Blobstore API. Our Engineering Team is investigating possible causes. Mitigation work is currently underway by our Engineering Team. We will provide another status update by Tuesday, 2019-03-12 20:45 US/Pacific with current details.”

On the other hand, Facebook was down for more than 14 hours due to which millions of users across the globe were denied access to the platform. It was on Thursday morning, Facebook along with its associated apps seemed to be regaining operational status.

While Facebook is yet to provide an explanation for the services being disrupted, it said, "We're aware that some people are currently having trouble accessing the Facebook family of apps,"
"We're working to resolve the issue as soon as possible."

Being fallen prey to the same crisis, the issues faced by Instagram users included not being able to refresh the feed and other glitches while accessing the content.

Commenting on the matter, Elizabeth Warren, a potential Democratic candidate in the next US presidential election, said in a statement to New York Times, "We need to stop this generation of big tech companies from throwing around their political power to shape the rules in their favor and throwing around their economic power to snuff out or buy up every potential competitor."