Should have used Ironkey & Cryptocard for 2FA and secure connectivityThousands of accounts on web-based e-mail system Hotmail have been compromised in a phishing attack, software giant Microsoft has confirmed.
BBC News has seen a list of more than 10,000 e-mail accounts, predominantly originating from Europe, and passwords which were posted online.
Microsoft said it had launched an investigation.
Phishing involves using fake websites to lure people into revealing details such as bank accounts or login names.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally and exposed on a website," said a Microsoft spokesperson.
"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers."
Quick change
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts.
"We still don't know the scale of the problem," he told BBC News.
Technology blog neowin.net was the first to publish details of the attack. It said the accounts were posted on 1 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin has seen a list of 10,028 names beginning with the letters A and B.
BBC News has confirmed that the accounts are genuine and predominantly originate in Europe.
The list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Mr Cluley advised Hotmail users to change their password as soon as possible.
"I'd also recommend that people change the password on any other site where they use it," he said.
Around 40% of people use the same password for every website they use, he added. With Ironkey's Password Manager, you need not worry about managing multiple log on details as the platform does it all for you.
Well worth the investment - www.ironkey.com
The Northern Ireland Department of Finance & Personnel (DFPNI)- Sign up for Enterprise Ironkey Platform
Working direct with the development team in Ironkey, the Envisioning Team in conjunction with Business & Scientific Services (BSS) developed a very special Ironkey that would benefit and secure Microsoft Vista machines across the entire Northern Ireland Civil Service and beyond. A Senior official within Microsoft commented 'Microsoft see huge benefit in this solution and believe it could be taken used within the Global Service Market'.
Building on the secure Ironkey platform, the NICS and the Envisioning Team believe Ironkey can address the required security needed for a modern day Government.
The Northern Ireland Envisioning Team are leading the way for our UK counterparts. A recent statement from Gordon Brown states 'Government cannot promise the safety of personal data entrusted by the public'. What a statement - Way to go Gordon
I found this little device after looking for a 'Zero Client' PC.Not only has this little device no CPU, no memory, no operating system, no drivers, no software and no moving parts it's footprint is less than a tea coaster.
Pano connects keyboard, mouse, display, audio and USB peripherals over an existing IP network to an instance of Windows XP or Vista running on a virtualised server. Pano is power friendly, consuming only 3% of the energy consumed by a traditional desktop computer. For those organisations considering reducing their carbon footprint and driving a clear desk policy, this is the device of choice.
For the Enterprise user it is clear that in a virtual world, pano alongside Microsofts, Application & Server Virtualisation makes for a very strong solution offering. To deploy a Pano device, simply connect it to peripherals, network and power. There is no configuration to perform, no firmware to update, and no software to download. As soon as a Pano is connected to a network, a logon screen appears. Users enter their Windows credentials and are automatically connected to their virtual machines. From there on, it's the same Windows experience.
From a security point, the Pano is secure because it does not run an operating system or any other software. Because there is nothing in a Pano that can be infected by a virus or have malicious code installed, it doesn't need to be scanned for vulnerabilities or exploits.
Even when a peripheral such as a USB thumb drive is connected, Pano remains secure. Peripherals work only when the user is authorised via policies enforced by the Pano Management Server. If the user isn't authorised, Windows doesn't even see the peripheral that is connected to the Pano. If a user is authorised, the peripheral is connected directly to Windows. Pano enforces fine-grained access policies based on Active Directory user group membership, USB device class, and operation. As an example, a user may be authorised to read from a CD, but not write to it. This policy allows users to copy files or load software onto their virtual desktop, but prevents data from leaking out. Even when users are authorised, Pano can record USB operations so that the business can keep track of all its information assets. This is a great move for those organisations considering 'Rights Management'.
I believe this is one product worth watching
A new Microsoft-developed technology called SideSight looks like something that deserves to be on a next-generation iPod touch. Or in a magician's repertoire.
The media has recently reported incidents involving the spread of the W32.SillyFDC worm, a low-risk piece of malware that sometimes infects PCs and networks via USB flash drives. Several government agencies have implemented a temporary ban on removable media.
What’s Live Mesh?
