Hi all.
This was going to be an audio recording but I decided in the end that text may be better, I have a lot to say and the grass is being cut right now and its to noisy.
3 things have concerned me over this week.
2 of them are ms related.
1 of them isn’t and there maybe another few microsoft related things.
There are questions I have answered, things like “why the fuck has this happened in the first place”
and why is it still happening?
On thursday I recieved a message from amazon.
This message stated that a password database had been found online and that all email info and passwords were reset.
Instructions were set to recover the account.
I followed them with firefox and got past capchas and the like.
Only to find that there was no email associated with my account and that I had basically been deleted.
attempting to contact via mail got me nowhere as I was returned to where I logged in in the first place.
In the end I created another account, ofcause all my credit card info, and everything I had ever payed from them was lost.
I was not that angry, 1 book on audible was about all I had got and I hadn’t liked that book or the audible service anyway and never went back to it.
I havn’t got anything from the site for some time since well amazon does not support paypal and I buy from places that use paypal more than an actual card these days.
However it did concern me enough to do a search.
What I found was alarming in early -late 2013 a group called anonymous pulled 13 million passwords from amazon and put them online.
Fine breaches like tyhis happen probably a bit to often now but its the way of the net.
In early 2014 however a user reported getting an email from amazon lagit same as I had.
several others reported similar emails.
This brings up an interesting lot of concerns.
1. amazon continuously is getting hacked and the passwords are appearing online.
or that an alert is not being cleared and is still not cleared causing all this junk.
Lets explore these one at a time.
1. amazon is being hacked.
Amazon has several sites under its belt.
these include music amazon mp3, kickstart, imdb for movies, amazon aws cloud s3 cloud, vertual machines and other things becides.
AAll juicy targets to be sure.
Fine as it goes, it appears people use the same passwords on sites and once chained well, if one goes it all goes.
A story about a chain attack goes like this, a hacker decided to hack a guy’s twitter as a dare for a friend.
He did this via his facebook apple id and email.
he wanted a bit of fun just for the hell of it.
Then he was going to clear out.
AAll well and good however this guy had linked his email, facebook, twitter, apple and several services and even aparently banks with the one address.
Notice linking addresses is fine but linking clouds from the clouds etc is probably not the best.
Ie signing up using one cloud to get identification for another.
Yes its convenient however your risk goes up.
Everyone should have different passwords or if they use similar at least don’t link the accounts unless you really want to and in that case be carefull what you link
Anyway this guy didn’t his chain was all hacked and it broke.
He lost everything.
Sure you can probably reset all your passwords, mail, etc.
but you start hitting really secure things and things can get wrong.
I forget what happened but basically it was bad all round.
amazon has one such chain, and there are risks associated with linked clouds.
Its not bad but even so its hard to manage.
At university I spoke to one of their techs and found out that every 6 months every computer and server was reformatted.
Every year or so every backup was formatted to.
The reason was the lot of systems were so big collectively that any virus got in they wouldn’t be able to fully clear let alone find it.
So the same could apply here?
probably.
We are left with the second and probably more likely issue.
The alert was never cleared so randomly its firing killing accounts because it is and thats about it.
Its not good for business if this keeps up who knows.
The second load of things I will cover is microsoft.
The first issue is the to many issue.
To many issues, to many unresolved errors, to many patches.
Every patch is about remote execution, even in the latest os, you would have thought it would be sorted now but no, every update so far is for remote control, bad kernals, bad graphic and font engines, bad scripting hosts, dotnet, office documents and the web.
There are to many, far to many.
The other is that ms and its partners seem to be inadvertantly dropping their certifficates online and while they are clearing their mess as they go shouldn’t they be not dropping certifficates?
Also there have been to many of late updates that either are to address people clicking unknown links in spam emails or that make functionality better only to totally break something in the process.
in some cases ie latest outlook safemode admin update ms has had to say remove the update till we replace it.
There have been worse updates that stop system loading at all because of conflicts.
And in which case its mute, if you are effected you will have to reformat to get your pc working again you won’t be able to remove the update if your system does not boot.
or you won’t be able to access the net and get the update because the previous patch prevents you from doing so.
Today I got a concerning letter from a user on another list.
microsoft has decided to can windows live mail 2012 unless you update it or go to windows 10 and use their email app.
So we can be sure that microsoft are again forcing everyone that use their live system to upgrade when they may or may not want to.
Ms got into trouble once over trying to sneak windows 10 onto computers and quickly withdrew the thing saying it was a mistake.
when I got windows upgrade notification in 7 I looked at upgrading, it was easier to remove the offending notification from the tasks even though I had to hack some security settings to do so.
In this case you just have to switch to thunderbird and use gmail or something else or just not use windows live but what happens if people like windows live or even better really don’t want to switch.
I personally think this is ms trying to get more sales of win 10
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.