Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft Hotmail gets account theft protection

28 Sep 2010   #1
reghakr

Windows 7 Pro & Vista Home Premium
 
 
Microsoft Hotmail gets account theft protection

In a posting on the Windows Team blog, Microsoft has announced two new functions aimed at enabling Hotmail users to recover their accounts should they be taken over by criminals. Previously, an attacker who had obtained a user's password via phishing, a trojan or unencrypted Wi-Fi could lock the user out of their account simply by changing the password. Unless the actual user had entered an alternative e-mail address for a password reset and had remembered the security question, there was no way of reclaiming the account.

Microsoft has now introduced the ability to have a password reset code sent via SMS, allowing users to regain control of their accounts. This does, however, require the user to have entered their mobile number prior to having their account taken over. The SMS message contains a code which can be entered on the Microsoft web site to reset the account's password.
Microsoft has also introduced a "Trusted PC" function which links a specific PC to the Hotmail account, allowing it to be used to reset the password without requiring the actual password. These functions are also useful for the absent-minded.

To prevent the bad guys from simply changing these new options, they can only be changed in combination with the other options. To change the mobile phone number, for example, the user has to give their consent through one of the other options (email, Trusted PC or security question). Microsoft has also announced that the entire Hotmail session will in future be SSL encrypted previously it was only the login process which was SSL protected.

Source: http://www.h-online.com/security/news/item/Microsoft-Hotmail-gets-account-theft-protection-1097726.html


My System SpecsSystem Spec
.

28 Sep 2010   #2
wolwol

Windows 7 Enterprise x64
 
 

Hi Reghakr, That sounds great - but I've faced an entirely different situation that could potentially be the 'next big thing' in 'free email account abuse'
Imagine this: My Hotmail account had been around for a few years, and hence the address was fairly much in the public realm. When one day out of the blue I tried to log in and got the notice, "too many failed attempts to log-in - please try later"
Hmm~ well interesting because I was at work and hadn't attempted to login at all. I hadn't lost or forgotten my password. I waited the 24 hours MSN support suggested to no avail. Still locked out.
My guess - some script kiddy has probably tried to hack the account to gain access. OR some looser neighbor has acquired my email address and while they eat tea attempts to enter random passwords just to keep the account locked.

So... that means anyone who knows my email address can simply just attempt to login and lock my damn account (and keep it locked) I would prefer to have my account hacked and have them send mail on my behalf than to have some random have me locked out indefinitely.
Oh BTW going through the security option to change the password works, but the account still persists to be locked.
This would easily be scripted to harvest accounts and attempt logins NOT to gain access but to REDUCE access.
My System SpecsSystem Spec
28 Sep 2010   #3
BCXtreme

Windows 7 Home Premium x64
 
 

Quote   Quote: Originally Posted by wolwol View Post
Hi Reghakr, That sounds great - but I've faced an entirely different situation that could potentially be the 'next big thing' in 'free email account abuse'
Imagine this: My Hotmail account had been around for a few years, and hence the address was fairly much in the public realm. When one day out of the blue I tried to log in and got the notice, "too many failed attempts to log-in - please try later"
Hmm~ well interesting because I was at work and hadn't attempted to login at all. I hadn't lost or forgotten my password. I waited the 24 hours MSN support suggested to no avail. Still locked out.
My guess - some script kiddy has probably tried to hack the account to gain access. OR some looser neighbor has acquired my email address and while they eat tea attempts to enter random passwords just to keep the account locked.

So... that means anyone who knows my email address can simply just attempt to login and lock my damn account (and keep it locked) I would prefer to have my account hacked and have them send mail on my behalf than to have some random have me locked out indefinitely.
Oh BTW going through the security option to change the password works, but the account still persists to be locked.
This would easily be scripted to harvest accounts and attempt logins NOT to gain access but to REDUCE access.
I've never heard of something like that before. Frankly I don't think that the person responsible is trying to prevent you from using your account (that serves no purpose to them); rather, I think what you are seeing is a side effect of someone earnestly trying to gain control of the account. Hackers don't try to gain control of email addresses to prevent you from using them, they want control so that they can use them for spam, viruses, or even illegal activity.
My System SpecsSystem Spec
.


Reply

 Microsoft Hotmail gets account theft protection




Thread Tools





Similar help and support threads
Thread Forum
remove hotmail account
My brother went to check his hotmail account on my computer. Now every time I open my e mail, his hotmail account comes up first (with all his e mail stuff) and I have to click it off before I can open my regular e mail account from Windows Essentials 2011. I looked in accounts, but his hotmail e...
Browsers & Mail
Hotmail Account Error
Task 'user@hotmail.com' reported error (0x80004005): 'There is an error synchronizing your mail account. Please verify your account is configured correctly by first accessing your mail on the web. Error: 4102 It completes the other 15 tasks correctly. My Hotmail seems to work fine in Outlook but...
Microsoft Office
Hotmail.co.uk account?
I had an @hotmail.co.uk email address. I created a new @outlook.com as I had too much spam. I can't log back into the @hotmail.co.uk email addresss as I wanted to close it and I've tried the forgot password method but still had no success. My question is what happens if I leave the email...
Browsers & Mail
Blocked out of my Hotmail account
Logging onto my hotmail account tonight I have discovered that the account has been blocked. I therefore need to use a code to unblock the account which is sent via my secondary email account. This is where the problem arises and I used a 'fake' account for this as I did not have a second email...
Browsers & Mail
Study: Electronic theft surpasses physical theft
Complete story at Study: Electronic theft surpasses physical theft | Security - CNET News
System Security
Microsoft cops to webcode theft
Microsoft has admitted that its new Chinese microblogging service used webcode pilfered from a similar service popular elsewhere in Asia. On Monday, as reported by The Reg, Asian microblogging site Plurk accused Microsoft China of pilfering its code for a new social-networking feature known as...
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 19:18.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App