Microsoft used to have a bad rep for security, but since they introduced their secure development lifecycle about a decade ago there has been a noticeable improvement.
Perhaps I shouldn’t have been surprised to notice something amiss today, but I was. I was using the Office365 outlook web app and noticed an issue with the SSL security being reported in my browser.
Which of the common and basic security mistakes have they made this time?
Part of the page is not encrypted? I guess someone hard-coded http somewhere.
C’mon Microsoft, you can do better.