AVSIG: Your MS login can be stolen wwswsigarch.jpg (7236 bytes)

✈ . . . . . . ✈ . . . . . ✈ . . . . ✈ . . . ✈ . . ✈ . ✈ . . ✈ . . . ✈ . . . . ✈ . . . . . ✈ . . . . . . Touch-and-Go to our Live Forum (This is a Read-only Archive of the 2004-2017 AVSIG Forum)


AVSIG Discussion Sections >> Hardware/Software

Pages: 1
Russell Holton
AVSIG Member


Reged: 07/07/05
Posts: 14136
Your MS login can be stolen
      #428729 - 08/02/16 10:20 PM

Microsoft won't fix Windows flaw that lets hackers steal your username and password

"A previously-disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

...

"The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

"Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

...

"There's a simple mitigation, according to the group. Don't use Internet Explorer, Edge, or Microsoft Outlook, and don't log in to Windows with a Microsoft account.

"Chrome and Firefox users aren't affected."


Post Extras: Print Post   Remind Me!   Notify Moderator  
Ray Tackett
Top Gun


Reged: 04/30/04
Posts: 8892
Loc: Philadelphia, USA
Your MS login can be stolen [Re: Russell Holton]
      #428731 - 08/03/16 04:35 AM

Thanks for the warning.

In a way, it's old news. Internet Exploder has been a security disaster from
day one. I doubt that calling it "Edge" was much help.

Years ago, I made IE very hard to find (can't get rid of it) so there are no
file associations, etc. which will start it. The only way left to run it
(why would I want to?) is via Start, Run, iexplore.exe

--------------------
Ray,

Owner, Lake Wood Be Gone

Turning quality lumber into sawdust and noise since 2013.


Post Extras: Print Post   Remind Me!   Notify Moderator  
Terry Carraway
Top Gun


Reged: 06/02/04
Posts: 7098
Loc: Maryland
Re: Your MS login can be stolen [Re: Russell Holton]
      #428734 - 08/03/16 04:52 AM

That is why I do not use Outlook, and do not link my Win login to any other MS logins (Skype Hotmail, etc).

--------------------
Terry
Mostly 0W3


Post Extras: Print Post   Remind Me!   Notify Moderator  
Ray Tackett
Top Gun


Reged: 04/30/04
Posts: 8892
Loc: Philadelphia, USA
Your MS login can be stolen [Re: Terry Carraway]
      #428742 - 08/03/16 11:49 AM

This trend to linked logons, especially in phone apps, e.g. "Log on via
Facebook", is a recipe for disaster IMO.

Phones are notoriously insecure, yet banks and credit card companies
encourage people to use their apps to manage accounts. I predict that
convenience will become very costly.

--------------------
Ray,

Owner, Lake Wood Be Gone

Turning quality lumber into sawdust and noise since 2013.


Post Extras: Print Post   Remind Me!   Notify Moderator  
Russell Holton
AVSIG Member


Reged: 07/07/05
Posts: 14136
Re: Your MS login can be stolen [Re: Ray Tackett]
      #428747 - 08/03/16 02:11 PM

I personally don't see much value in banking apps on a phone. I do banking from home where I have a "full" computer.

Post Extras: Print Post   Remind Me!   Notify Moderator  
Ray Tackett
Top Gun


Reged: 04/30/04
Posts: 8892
Loc: Philadelphia, USA
Your MS login can be stolen [Re: Russell Holton]
      #428759 - 08/03/16 07:08 PM

Same here and with a very strong user ID and password combo. Neither the ID
nor the password are stored anywhere and neither is used on any other site.
Likewise with my credit cards.

My bank used to push their app rather aggressively with popups, etc., on
about two out of three logons. I sent them a message asking for a really
good explanation of why I should put my most important financial information
on the most insecure device I could find -- if ever I would own one. I got
no reply, but the popups stopped a couple of weeks later.

It's a small bank and I'm personally acquainted with their IT manager from
back when they limited passwords to eight characters.

--------------------
Ray,

Owner, Lake Wood Be Gone

Turning quality lumber into sawdust and noise since 2013.


Post Extras: Print Post   Remind Me!   Notify Moderator  
Pages: 1



Extra information
0 registered and 93 anonymous users are browsing this forum.

Moderator:  Mike Overly 

Print Topic

Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      UBBCode is enabled

Rating:
Topic views: 1587

Rate this topic

Jump to

Contact Us AVSIG

Powered by UBB.threads™ 6.5.5

Logout   Main Index    AVSIG Aviation Forum