Internet Explorer, Outlook Give Away Your Login Credentials and Passwords to Strangers

Due to a security flaw in the Windows operating system which first came to the attention of security experts in the 1990s, anybody can see the login IDs and passwords you have used on the Internet Explorer browser. It wasn’t given much thought to at the time, given that the internet was still in its infancy – high-speed broadband had yet to enter homes worldwide, and because of high access costs, the only ‘users’ then were corporates.

However, at the Black Hat Conference 2015, security experts pointed out that Microsoft still hadn’t fixed the problem, leaving millions of Internet Explorer and Outlook users vulnerable. All the more so because the US-based company’s latest version of their widely popular operating system, Windows 10, makes Microsoft’s cloud accounts the default for signing into a PC. This means that anyone can get their hands on your Microsoft account username and password, giving them access to OneDrive, Office, Outlook, Skype, Bing search history, any Windows Mobile device connected with the account and Xbox Live.

Microsoft officially has no comment, except that ‘they are aware of it’.

The VPN advantage

With a Virtual Private Network, how it works is that a physical VPN server is placed between you and the internet. When you type in an URL like www.australianvpn.com into the address bar of your Internet Explorer browser, there is a request for data access created by the browser which is sent to the web server that hosts the website. However, the VPN client installed on your PC or mobile device does something clever – it changes a few bits and pieces here so that the data request gets sent to the VPN server instead. The VPN server does the opposite, figuring out where exactly the data request was intended to go and sending it there. Because the request is now from the VPN server, another computer, that is where the web server sends the data on the website. The VPN server then forwards this to your mobile device or PC and it appears in your browser or app.

In other words, all a hacker that is bent on making use of the IE security flaw can gain is your VPN login and password – and this doesn’t serve him/her any purpose, because logs (records of users’ online activity) are not maintained by Virtual Private Networks or VPNs. This way, he/she cannot see any of your other login/password combinations.