Once upon a time – dating back to the first “Concept” macro virus in Word – the Office folks were wary of new features that had possible security implications. But in the past few weeks, we’ve been introduced to two new features that have “Kick Me” written all over them.
The web-based Excel add-ins run inside a browser container that is embedded within the Office application on desktop-based platforms such as Office for Windows and runs inside an HTML iFrame in Office Online.
On May 6, in conjunction with the Build conference, the Dev Center added this document:
… and the black-hat, white-hat and rainbow-hat crowds went wild. Lawrence Abrams at BleepingComputer posted:
Charles Daradaman was first to the post with this:
Just like that.
Then there’s the newly announced “Streamlining payment processes” in Outlook. Mike Ammerlaan writing in the Dev Center explains it thusly:
Many emails in your inbox revolve around completing payment transactions such as paying a bill or invoice. We will soon be introducing payments in Outlook to help users to pay bills or invoices, right in email, without needing to switch to another app or service. Powered by Microsoft Pay, payments in Outlook is a fast and secure way to pay from within email. To start, it will be supported by a number of payment processors including Stripe and Braintree, billing services including Zuora, and invoicing services including FreshBooks, Intuit, Invoice2Go, Sage, Wave, and Xero. We are also working together to include Fiserv, through the Fiserv Innovation Network.
Businesses that send bills or invoice notifications to customers over email can now embed a payment action within Outlook. To get started working withpayments in Outlook, please review our documentation. Note that Outlook is not a bill payment service and Microsoft is not acting as a bill pay agent.
Payments in Outlook will roll out in phases, initially to a limited number of Outlook.com customers over the next few weeks and will be available more broadly in the coming months.
Yeah. What could possibly go wrong?
I’ve been accused in the past of whining about new “features” that seem ripe for painful plucking: “Woody, nobody will ever use that loophole,” and, “You don’t give enough credit to our fancy new security system.” Time and again, I’ve seen those new security systems fail.
What do you think? Join us on the AskWoody Lounge.