Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Samker on 03. January 2016., 09:30:08

Title: Microsoft plans to warn email users about possible spying by Governments ?!
Post by: Samker on 03. January 2016., 09:30:08
(http://4.bp.blogspot.com/-x3xLl4U25nE/UeBEbvr5AyI/AAAAAAAAJLA/X-W66wDLYeQ/s1600/1-Microsoft-Logo.jpg)

Microsoft will warn email and OneDrive users if it detects apparent attempts by governments to hack into their accounts: http://blogs.microsoft.com/on-the-issues/2015/12/30/additional-steps-to-help-keep-your-personal-information-secure/

The rollout of the alert system on Wednesday follows reports Redmond had failed to warn Hotmail users targeted by Chinese hackers, according to former employees.

Reuters reports Microsoft was hacked in 2011 but failed to notify affected users, partly to avoid antagonising China, the suspected culprit: http://www.reuters.com/article/idUSKBN0UE01Z20151231
Targeted users were instead advised to pick new passwords without any particular reason being supplied at the time.

Google, Facebook, Twitter and Yahoo already offer similar government hacker alert systems to the one just introduced by Microsoft: http://www.theregister.co.uk/2015/12/14/twitter_warns_users_statesponsored_snoops/
Alerts are far from rare. Google, for example, reportedly tells tens of thousands of users every few months that they’ve been targeted by foreign spooks.

Redmond’s alerting system has raised issues about US data breach disclosure laws. “If China had stolen Hotmail users' passwords, Microsoft would have had to tell users,” Christopher Soghoian, a principal technologist at the ACLU, stated in an update to his personal Twitter account But *private emails* are not considered PII [personally identifiable information]”: https://twitter.com/csoghoian/status/682412771410096128

Soghoian went on to take issue with Microsoft’s advice about changing passwords frequently: https://twitter.com/csoghoian/status/682450789940510721
Current best practice, advocated by most but not all security pros, is to use strong passwords together with a password manager. Changing passwords frequently tends to encourage the use of easier to remember passwords, which are easier for hackers of all stripes to guess.

(ElReg)