Thursday, July 14, 2011

Hotmail Security, Common Passwords Blocked


A commonality in hacked Hotmail accounts is a weak password. A weak password is not only a sequence of numbers or consecutive keyboard characters such as 3333333 or asdfgh. Any dictionary word (regardless of language), abbreviation, or word spelled backward is also a weak password. The list of common passwords also includes personal information, such as your children's or pet's names, telephone number, house number, etc.

Hotmail Team Action

The Hotmail team is rolling out a new security feature that will prevent you from choosing a very common password when recovering a compromised Hotmail account, signing up for a Hotmail account or when changing your password. In addition, if you are already using a common password, you may, at some point in the future, be asked to change it to a stronger password.

Key to a Strong Password

The key to a strong password is both complexity and length.

Complexity is not merely adding an upper case letter or an obvious misspelling, such as P@$$w0rd.  That just won't pass muster. A list of the 500 worst passwords is in the references below.  If you use any of those examples or even something similar it is time to change it, especially for your e-mail, banking or any site where you pay bills or conduct on-line purchases. 


Although some websites limit the number of characters allowed in a password, the longer your password, the harder it will be for it to be compromised. 

Test the passwords you use with the Password Checker. If your password is weak or medium in strength, experiment with the Password Checker, adding characters with a combination of upper and lower case letters, numbers and keyboard symbols.
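The weak-password patterns described above (repeated characters, keyboard runs, common words spelled backward, and obvious substitutions such as P@$$w0rd) can be screened for with a check like the one below. This is an added example, not Hotmail's implementation; the blocklist is a small constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample blocklist; a real deployment would load a large list
# of common passwords (the post mentions a "500 worst passwords" list).
COMMON = {"password", "letmein", "monkey", "dragon", "qwerty", "football"}

# Keyboard rows and simple sequences used to spot runs such as "asdfgh".
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "01234567890"]

# Obvious character substitutions, as in P@$$w0rd -> password.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})


def is_run(text, min_len=4):
    """True if the whole string is a forward or backward run of a sequence."""
    if len(text) < min_len:
        return False
    return any(text in seq or text[::-1] in seq for seq in SEQUENCES)


def weakness(password, min_length=8):
    """Return the reason a password is rejected, or None if no rule matches."""
    lowered = password.lower()
    if lowered and len(set(lowered)) == 1:
        return "repeated character"
    if is_run(lowered):
        return "keyboard or numeric sequence"
    # Strip trailing digits/symbols ("monkey123!") before normalising.
    core = re.sub(r"[\d\W_]+$", "", lowered)
    candidates = (lowered, core, lowered.translate(LEET), core.translate(LEET))
    for candidate in candidates:
        if candidate in COMMON:
            return "common password"
        if candidate[::-1] in COMMON:
            return "common password spelled backward"
    if len(password) < min_length:
        return "too short"
    return None
```

Passing these rules does not make a password strong; the check only rejects the patterns named in this post.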



References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Hotmail Security, How to Report a Hacked Account

Hotmail
Dealing with hijacked Hotmail accounts has long been a top priority for the Hotmail team.  The Hotmail Safety and Security blog recently reported an increase in hijacked accounts and in spam emails sent to an account owner's contact list without their knowledge.

Some of the symptoms reported to the Hotmail team by people whose account was hijacked include:

  • Deleted contacts
  • Deleted emails
  • Safe sender's list is deleted
  • Junk Mail Settings is set to Exclusive, which prevents mail from being delivered to the Inbox.

Unfortunately, the account owner is not always the first person to discover that their account has been hacked.  Instead, it is the recipients of the spam or phishing emails arriving in their inboxes from their friend's hacked account.

How to Report a Hacked E-Mail Account

Now, in addition to contacting your friend about the problem with their account, the Hotmail team is incorporating a way to report a compromised account. 

From the "Mark as" menu option, click the "My friend's been hacked!" option:


You can also report an account you believe is compromised while marking a message as Junk or moving it to the Junk folder:

What Happens After The Account is Reported

When Hotmail receives the report, the information is added to the other information from their compromise detection engine to determine if the account has been compromised.

If the reported account is a Yahoo! or Gmail account, arrangements have been made with those providers for the information to be forwarded to them to use in their respective systems to recover hacked accounts.

For Hotmail accounts identified as compromised, the following will occur:

  • The spammer can no longer use the account
  • When the account owner attempts to access their account, they will be referred to the account recovery process.




Tuesday, July 12, 2011

Windows Vista SP1 Reaches End of Support

With the release of the July 12, 2011, Security Bulletin, Windows Vista Service Pack 1 (SP1) has reached its end of support life cycle.  In the case of a service pack, "End of Support" means that automatic fixes, updates and online technical assistance will no longer be provided by Microsoft.

Don't be a victim to malware.  Update to the latest service pack to stay up to date with security updates and reduce the chances for infection.

Windows Service Pack Lifecycle


As shown in the table below from the Windows lifecycle fact sheet - Microsoft Windows, the only service packs still supported are Windows XP SP3, Windows Vista SP2 and Windows 7 SP1.

Desktop operating systems   Date of availability   Support retired
Windows XP SP1              August 30, 2002        October 10, 2006
Windows XP SP2              September 17, 2004     July 13, 2010
Windows XP SP3              April 21, 2008
Windows Vista SP1           February 4, 2008       July 12, 2011
Windows Vista SP2           May 26, 2009
Windows 7 SP1               February 22, 2011

Update to Windows Vista SP2

If you are not sure whether you have installed the latest service pack, you can easily find out by clicking the Start button, right-clicking Computer and selecting Properties.  SP2 will be listed in the Windows edition section if it has already been installed.


If you discover that SP2 has not been installed yet, Microsoft has provided very complete instructions for installing Windows Vista SP2, including recommendations to follow prior to updating to SP2.  Following the "Before You Begin" recommendations at Learn how to install Windows Vista Service Pack 2 (SP2) will help ensure a smooth upgrade to SP2.






Microsoft July 2011 Security Bulletin Release


Microsoft released four (4) bulletins, one rated Critical and three rated Important. The bulletins address issues in Microsoft Windows and Office. Twenty-two (22) vulnerabilities are closed with those bulletins.

Although it has an Exploitability Index rating of 2, Microsoft identified MS11-053 as the highest deployment priority for the July updates:

MS11-053 (Bluetooth Stack). This security bulletin resolves one privately reported vulnerability in the Windows Bluetooth Stack. This bulletin is rated Critical for Windows Vista and Windows 7 platforms. All prior versions of Windows are unaffected.
As indicated in the below-linked Security Research and Defense blog post, if you are not yet prepared to install the MS11-053 security update, you can close off the attack surface by preventing any Bluetooth device from connecting to your computer.

In reviewing the Executive Summaries from the Security Bulletin Summary, note that updates are included that will require a restart.  Regardless of the recommendation, it is always best to restart your computer after applying updates. 

Support

The following additional information is provided in the Security Bulletin:
  • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References






Saturday, July 09, 2011

WinPatrol PLUS Special Half-price Sale!

Scotty, the Windows Watchdog, has changed over the years to keep up with the changes in the Windows operating systems he monitors.  WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes to your Windows Computer.  The program was introduced in the days of Windows 95 and is compatible with every Windows Operating System, both 32- and 64-bit.  WinPatrol is free for personal use and also has a one-time payment licensed PLUS version.

The features listed below are among the reasons I use WinPatrol, described more fully at the WinPatrol Features page:
  • Delay Startup Programs
  • Track Date/Time Programs are First Detected
  • Prevents Changes to File Type Associations
  • Keylogger Detection
  • Kill Multiple Tasks in One Step
  • Well over Twenty Thousand Program Descriptions
  • Disable Vulnerable Active X Controls

If you've been waiting for some extra cash to upgrade to WinPatrol PLUS, now is the time!  For a limited time, Bill Pytlovany is offering a special half-price sale.  Get WinPatrol PLUS for a one-time fee of $14.95!

http://www.winpatrol.com/



Thursday, July 07, 2011

Security Bulletin Advance Notification for July, 2011


On Tuesday, July 12, 2011, Microsoft is planning to release four (4) bulletins, one rated Critical and three rated Important. The bulletins will be addressing issues in Microsoft Windows and Office. Twenty-two (22) vulnerabilities will be closed with those bulletins.

In addition to the upcoming security updates, the MSRC Blog also referenced the Special Edition Security Intelligence Report (SIR) entitled Battling the Rustock Threat.  The special SIR provides new data on the Rustock botnet and the impact of the malware on computers around the world.
