Tuesday, January 05, 2016

OpenStack 01/05/2016 (p.m.)

  • Tags: internet-security, email, Microsoft, penetration-attempts

    • Microsoft Corp. has agreed to change its policies and always tell email customers when it suspects there has been a government hacking attempt after widespread hacking by Chinese authorities was exposed.

      Microsoft experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China's Tibetan and Uighur minorities in particular — but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company.

      On Wednesday, after a series of requests for comment from Reuters, Microsoft said it would change its policy on notifying customers.

      Microsoft spokesman Frank Shaw said the company was never certain of the origin of the Hotmail attacks.

    • The company also confirmed for the first time that it had not called, emailed or otherwise told the Hotmail users that their electronic correspondence had been collected. The company declined to say what role the exposure of the Hotmail campaign played in its decision to make the policy shift.

      The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities.

    • That's when security firm Trend Micro Inc announced it had found an email sent to someone in Taiwan that contained a miniature computer program.

      The program took advantage of a previously undetected flaw in Microsoft's own web pages to direct Hotmail and other free Microsoft email services to secretly forward copies of all of a recipient's incoming mail to an account controlled by the attacker.

      Trend Micro found more than a thousand victims, and Microsoft patched the vulnerability before the security company announced its findings publicly


Posted from Diigo. The rest of Open Web group favorite links are here.

Post a Comment