SOFTWARE VENDOR Microsoft has added a feature to its Hotmail email accounts where users can report that a friend's account has been hacked.
Dick Craddock, group program manager at Hotmail, acknowledged in a blog post that account hijacking is "a big problem" at Hotmail, and that a better approach to countering it was needed.
He said Microsoft noticed that in many cases when an account is hacked, friends notice it long before the user does, simply because of the spam and phishing attempts sent to people on the user's contacts list.
This led to Microsoft adding a "My friend was hacked!" report feature, which can be accessed from the 'Mark As' menu. From here you can also report an email as a phishing scam.
A hacking report can also be sent when moving an email to the Junk folder. Users simply need to tick the box where it says "I think this person was hacked!"
Once a report has been made, Microsoft will investigate the account and most likely flag it as compromised. Other factors, such as under-the-hood spam detection, are also used to identify compromised accounts.
Unfortunately, there is some potential for abuse here. If you fall out with a friend they could mark your account as being hacked simply to annoy you. While Microsoft might not lock your account if it doesn't identify it as sending spam, it could create an unfortunate situation as an act of spite.
Initially Microsoft was only able to let users report fellow Hotmail accounts as being compromised, but it decided to add support for Gmail and Yahoo Mail as well. While neither of these can make the reports, Hotmail users can report Gmail or Yahoo accounts that they believe have been hacked. Microsoft will forward those reports to Google and Yahoo to deal with.
Microsoft is also addressing a worrying trend of simplistic common passwords that are being used on its service. It revealed that many people actually use passwords like "password", "123456", "ilovecats" and "gogiants". Over the coming weeks it will introduce a system that will force users to pick a stronger password.
Hacked accounts, phishing scams and an endless wave of spam are some of the things that led many to leave Hotmail in the first place, especially in comparison to the strong spam detection of Gmail.
Microsoft admitted that it has identified thousands of hacked accounts in the past few weeks alone, showing how successful analysis of hacked email accounts can be. This feature could help open up Hotmail as a viable email service again. µ
Excellent point!
"It's the simplest way to block a dictionary attack -- run out the clock. What kind of crappy systems allow you 100,000 tries to guess a password?"
The only reason I can think of for not doing that is they don't really want to stop the spam.
Who uses Hotmail? Or its spaces, or live spaces or whatever it's calling it now. I stopped using Hotmail a decade ago and only use my account when forced to register with websites that want to be able to send me emails or spam as I never bother to log in otherwise. Why is it that Hotmail alone seems to be plagued by spammers and such hijacking as is forcing them to ban people's password choices? If I choose to take a risk in choosing a password I can remember, how is it affecting them? I have no problem at all with Yahoo or Gmail. And then it's the way Hotmail communicates - "Hooray!" it tells me in a pop-up using its nauseating faux-informal Americanism, as it takes credit after I myself had to manually delete literally hundreds of obvious spam from my junk folder. Give me a company that takes itself and its users seriously anytime whilst Microsoft sends its 'Bing' into Bed with the Chinese after Google found its conscience again.
www.tracesofevil.com
I have friends still using Yahoo email (no, I don't know why, either) and it's a rare week when I don't get a few obvious spams "from" at least one of them.
Victor, I'll just quote
"Unfortunately, there is some potential for abuse here. If you fall out with a friend they could..."
LOL @ your own title. :P
Instead of forcing users to create passwords they can never remember, simply lock the account out for 5 minutes after two unsuccessful attempts. It's the simplest way to block a dictionary attack -- run out the clock. What kind of crappy systems allow you 100,000 tries to guess a password? Obviously there's no "person" typing that in... It would take about 10 minutes of coding to do this yet nobody ever does
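The lockout policy proposed in the last comment (a five-minute lock after two failed attempts), written out as an added example that is not part of the article or its comments, with a simulation of how long a guesser who waits out every lock needs for a given word list. The class and function names, the `check_password` callback and the simulated clock are assumptions made for the illustration.

```python
import time

MAX_FAILURES = 2          # from the comment: two unsuccessful attempts
LOCKOUT_SECONDS = 5 * 60  # from the comment: five-minute lockout


class LoginThrottle:
    """Per-account lockout. `clock` is injectable so the policy can be simulated."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password  # assumed verifier: (account, password) -> bool
        self._clock = clock
        self._failures = {}           # account -> failures since last lock/success
        self._locked_until = {}       # account -> time the lock expires

    def locked_until(self, account):
        return self._locked_until.get(account, 0.0)

    def attempt(self, account, password):
        now = self._clock()
        if now < self.locked_until(account):
            return "locked"           # rejected without looking at the password
        if self._check(account, password):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            count = 0
        self._failures[account] = count
        return "denied"


def simulate_dictionary_attack(wordlist, real_password):
    """Return (guesses tested, simulated seconds) for a guesser who waits out locks."""
    now = [0.0]
    throttle = LoginThrottle(lambda _a, p: p == real_password, clock=lambda: now[0])
    tested = 0
    for guess in wordlist:
        result = throttle.attempt("victim", guess)
        if result == "locked":
            now[0] = throttle.locked_until("victim")  # skip ahead to lock expiry
            result = throttle.attempt("victim", guess)
        tested += 1
        if result == "ok":
            break
    return tested, now[0]
```

Run against the four passwords quoted in the article, the last of them is reached after a single five-minute lock, while a password at position 100,000 of a word list takes about 174 days. The lock also rejects the correct password while it is active, so anyone who submits two wrong guesses can keep the account owner out for five minutes at a time.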