If you use Office 365's webmail interface to prevent email recipients from seeing your local IP address, you are out of luck. When sending email through Office 365, your local IP address will be injected into the message as an extra mail header. Operating a web site and focusing on infosec related topics has made me a paranoid person.  This leads me to send replies to stranger's emails via webmail so I do not expose my local IP address for security and to protect my privacy. It turns out that if you have been using the Office 365 webmail interface to hide your IP address, you are not hiding anything. When sending an email via Office 365, the service will inject an additional mail header into the email called x-originating-ip that contains the  IP address of the connecting client, which in this case is your local IP address. BleepingComputer tested the webmail interfaces for Gmail, Yahoo, AOL, Outlook.com, and Office 365. None of the webmail interfaces other than Office 365 injected the user's local IP address, which is what most have come to expect when using webmail. If you are using Office 365's webmail interface and wish to keep your local IP address private, at this point you will need to connect to the webmail using a VPN or Tor. This will cause the services' IP address to be injected into the email rather than your local one. According to responses in Microsoft answers forums, Microsoft removed the x-originating-ip header field in 2013 from Hotmail to offer their users more security and privacy. For Office 365, who caters to the enterprise, this header was intentionally left in so that admins could search for email that has been sent to their organization from a particular IP address. This is especially useful for finding the location of a sender in the event an account has been hacked. More complete details can be found on OUR FORUM.

Facebook’s Messenger Kids app is built around a simple premise: children shouldn’t be able to talk to users who haven’t been approved by their parents. But a design flaw allowed users to sidestep that protection through the group chat system, allowing children to enter group chats with unapproved strangers. For the past week, Facebook has been quietly closing down those group chats and alerting users, but has not made any public statements disclosing the issue. The alert, which was obtained by The Verge. Facebook confirmed to The Verge that the message was authentic, and said the alert had been sent to thousands of users in recent days. “We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats,” a Facebook representative said. “We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.” The bug arose from the way Messenger Kids’ unique permissions were applied in group chats. In a standard one-on-one chat, children can only initiate conversations with users who have been approved by the child’s parents. But those permissions became more complex when applied to a group chat because of the multiple users involved. Whoever launched the group could invite any user who was authorized to chat with them, even if that user wasn’t authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users, a violation of the core promise of Messenger Kids. Learn more by visiting OUR FORUM.