Have I been Hacked by Nokia? Weird MS Account Issue

I am in the habit of regularly auditing my MS Account information as I want to know where my threat vectors are coming from. I am looking at you guys from Russia, please leave my account alone, will you! :)

Anyways, seriously now, I took a look a minute ago and I noticed something out of place. There is a Successful Login entry on my timeline last Thursday; from UK!

That is far outside my operational zone! So far that I’d even need to catch a plane to be there physically. And what troubles me most is the Browser/App reported: Unknown. Now I am a die-hard IE user. I intentionally use IE so I could be on the InfoSec warfront, contrary to the popular opinion that IE is for NOOBs. Normally IE would have shown up where it says Unknown Browser if it were me.

Now, I know for sure I wasn’t in UK on that day, as I was still on vacation somewhere else. Normally my line of work requires that I use a VPN connection to work, and accessing my MS Account during my VPN connection gives a skewed login location of my company’s central server location, which is well known in my timeline, but on that Thursday I was off duty, and my VPN access is mostly somewhere else totally.

So I did what a normal InfoSec person would do, I went to IPAddress.com for the WHOIS info of the IP address and my bacon was stolen! I have been hacked from Nokia HQ UK!

How is this possible? I thought Nokia is one of the good guys, right? Could IPAddress.com get this wrong? I went to other WHOIS tools, and they all told the same story: I have been hacked by Nokia. Now I don’t believe I am so important that Nokia would go after me, neither do I believe there is a Nokia Admin that needs my attention.

I just want to know how this is possible. I remembered Nokia had a Keynoting event on the day that I watched online, but I didn’t have to login at that time with my MS account, and even if I did, it wouldn’t have registered me at UK. What other event did I have last week that has to do with Nokia? Yeah, I downloaded the Recovery Tool but that was also without login. So what the freak is going on? Have any of you experienced this kind of place-shift?

This is a riddle for any of you InfoSec experts out there. The way I see this: Nokia has been hacked, and the hacker used Nokia’s network to get to me. But I see this as least path effort as I haven’t got anything that any Hacker would go the length of hacking a renowned company to reach me. So what is this? Go ahead people, theorize. I am curious about your thoughts on this. In the meantime, excuse me while I clean up my MS Account.


Pen Showcase NYT Crossword Puzzle App Released

A while back, during the Surface Pro 3 launch, Microsoft showcased a special Crossword App from NYT that perfectly showed why the Active Pen is not a pushover on a tablet. Doing a crossword puzzle on a tablet with a pen gives such a natural feel to it. It is like writing on paper. With handwriting recognition, a technology in which Microsoft is decades ahead of its competition, the app can easily transcribe your written letters and numbers into digital formats that can be used in the crossword.

Following is the App description in the Store:

The best crossword in the world is better than ever! Enjoy the same puzzles printed in the daily newspaper on the only mobile crossword app built by The New York Times.

The New York Times Crossword is free to download, and all users get unlimited access to the daily puzzle and calendar archive for 7 days. After that, subscribe for full access to The Crossword on Windows 8 and at NYTimes.com.

PLAY ANYWHERE

Your subscription now gives you access to The Crossword on NYTimes.com at no additional charge! Just connect or create an account in your account settings and Play Anywhere. Your Windows puzzle progress will be saved and available on the web and vice versa!

DAILY PUZZLE

It’s the same puzzle that’s printed every day in The New York Times newspaper. All daily puzzles are available the previous day at 10p EST with a subscription, so enjoy Tuesday’s puzzle on Monday at 10p! Practice and learn how to solve the puzzle on Monday or Tuesday or challenge yourself with even harder puzzles later in the week.

PEN

If you have a Surface tablet, you can solve the way crosswords were meant to be solved: write directly on the puzzle as you would in the newspaper!

PAST PUZZLES

Subscribers also enjoy nearly 20 years of classic puzzles from our archives.

MODERN PUZZLE FEATURES

Solve puzzles that include new tricks like rebuses, highlighted or underlined squares, and more!

Feedback? Suggestions? Issues? Please contact us at NYTCrossword@NYTimes.com or from within the app itself. Your feedback is important to us and we’ll do our best to assist you.

Please note: subscription to The New York Times Crossword does not include access to any other New York Times products, including but not limited to NYTimes.com or mobile news content, e-reader editions, Times Premier, NYT Now, or any other apps.

Given the quality of this app, I am actually surprised New York Times is making it free of charge in the Store. This is rather unexpected, except if Microsoft delivered most of the man-hours on the app of course.

If you have a Surface Pro or any Windows device with a Pen, this was made for you. I guess the Dell Venue Pro is gonna become a treasure now for crossword addicts who own the cheap device. Although if you don’t own a pen, you can still use the app with touch or on a desktop as usual.

Go download the app now, courtesy of NYT and Microsoft I’m suspecting. Download via the following link:

Credit: Windows Store
http://apps.microsoft.com/windows/en-us/app/nyt-crossword/18fde24c-e748-482a-b2c1-e5a877e017b5

Microsoft Garage details Microsoft’s Cloud Security Strategy

I mentioned yesterday that Microsoft doesn’t hide the fact that any system can be broken; they embraced the fact and built their security initiatives on the premise that bad things can and will happen to data. Now you can hear it for yourselves from a Lead Architect of Microsoft’s Cloud Computing platform, Mark Russinovich. He was talking to the Microsoft Garage series host today about how MS goes about protecting your data in the Cloud. Let’s hope the competition is taking a page from this.

Now jump to 11:45 in the video and hear Mark confirm what I told you yesterday. MS assumes no matter how good your security is, it will be breached. You just have to mitigate to limit the damage. Go Microsoft.

Microsoft Details its Online Safety History

While Apple is today busy burying its head deeper into the sands, Microsoft chose to detail its track record with the Online Safety initiatives of its Trustworthy Computing Policy efforts. What a marked difference between the two Internet giants. One is too busy denying they’re vulnerable, the other is accepting the fact that any system is vulnerable, you just do your best to protect your users.

Go see Microsoft’s efforts through the years on their Trustworthy Computing page. The fact that they chose today to come out with this news in contrast to Apple could be purely a coincidence, or a genius plan of Microsoft’s to contrast itself, since it gets neglected and ridiculed for its amazing efforts on security. Just download the Safety Milestone report alone (PDF), you’ll be amazed how far back this company has been dealing with security issues. The file is a treasure trove of information and a worthy perusal.

Now if only those in the distortion field would just wake up and read it. But then, it will remain a dream, for now.

Apple pushes its head further into the sand

Boy, I knew this was coming, still it was a disappointment when it came. The wait is over, Apple has come to town on the root cause of the Celebrities nude breach, and yes, it wasn’t Apple’s fault as usual. How could we have guessed differently? Apple confirmed there was a breach, but it was because users were not using strong passwords, leading to folks being able to guess their passwords.

That a perpetual repetition of login attempts was used till the right password was found was not mentioned. And I mean perpetual repetition of dictionary words. Thousands, sometimes millions of guesses being passed to Apple’s system till the right one is passed and access is granted. Pray do tell, iCloud users, do you guess your logins a thousand times before you give up? No, no sane person would guess their own login that long. So why does Apple’s system allow it?

This is the 21st century, no self-respecting system allows more than 5 guesses before locking up access to the system. So why do script-kiddies succeed in making thousands and thousands of attempts at login? No, it is not Apple’s fault for touting a security platform of the 80’s, it is the users’ fault for not using strong passwords.
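The lockout behaviour argued for above can be shown in a few lines. This is an added example, not code from the original post or from any vendor; the 15-minute lockout duration, the PBKDF2 parameters and all names (`LoginThrottle`, `run_guesses`) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # the threshold named in the post
LOCKOUT_SECONDS = 15 * 60   # assumed lockout duration, not from the post


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_credential(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


class LoginThrottle:
    """Counts consecutive failed logins per account and locks temporarily."""

    def __init__(self, credentials, clock=time.monotonic):
        self._creds = credentials    # account -> (salt, hash)
        self._clock = clock          # injectable so lockout expiry can be tested
        self._failures = {}          # account -> consecutive failures
        self._locked_until = {}      # account -> time the lock ends

    def attempt(self, account, password):
        now = self._clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"          # refused without checking the password
        salt, expected = self._creds.get(account, (b"\x00" * 16, b""))
        if hmac.compare_digest(hash_password(password, salt), expected):
            self._failures.pop(account, None)   # success resets the counter
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            count = 0                # fresh allowance once the lock expires
        self._failures[account] = count
        return "fail"


def run_guesses(throttle, account, guesses):
    """Submit each guess in order and return the outcome of every attempt."""
    return [throttle.attempt(account, g) for g in guesses]
```

With this in place the correct password is refused while the lock is active, so a guess list gets five tries per lockout window rather than thousands. A hard lockout also lets anyone lock the real owner out, which is why deployed systems usually pair it with per-source throttling or growing delays.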

But guess what? Apple will get another pass again. It is almost Keynote time at Apple’s, and none of your favorite tech bloggers will dare to question Apple for fear of not being invited to the Church. I don’t blame Apple, I blame the teeming masses that continue to give Apple a pass in all its laxities.

Just like the SSL bug, another ridicule is allowed to pass as water under the bridge. I just pity those poor users who don’t know better.

My final question to Apple: If your infra was not involved in this breach, why the need to ask users of your Find My Phone service to re-authenticate themselves yesterday? I thought all was good with the platform?

You can fool some people some time, but you can’t fool all the people, all the time. One day, they’ll see through your smoke screen. Yes, it wasn’t Apple’s fault, it’s the users’ fault for trusting them with their lives.

Apple Painted itself into a Corner

With all the nude leaks going on these last days, all linked to the iCloud breach, and the thundering silence of Apple in responding officially to the allegations, I am smelling a rat. It is two days after the fact, and Apple is yet to go to town with their manipulative attitudes. That smells fishy to me. It is unlike Apple to keep quiet for so long. Even with a single gram of salt, they would have gone to town in damage-control mode.

All this points, as far as I am concerned, to the fact that the damage is so tremendous that it requires special handling. You see, the problem is, this is Apple that told the world they are the “most secured” platform on planet earth. The SwitcherAds adage still rings in the ear with the “We are Apple, we don’t get viruses” pompous exclamation.

This very hubris is now turning out to be Apple’s downfall in security. When you’ve conditioned the world to accept that you’re invincible and all bullets just bounce off your thick hide, then it is difficult to now turn around and confess to the world that your platform is as porous as any other on the planet.

Once is an accident, twice is a curiosity, thrice is a habit. The number of Security breaches taking place in Apple’s paradise is becoming epidemic. The laxity of Apple in building security into its products at the foundational level is now coming back to bite them where it hurts most.

We’ve told the masses that there is not a single company that knows security like Microsoft. When you’re the planet’s atlas, carrying 90% of the world OS usage on your shoulder, you’re the big target for malicious hackers. Microsoft has learnt its lessons by pressing the reset button with its Secured Computing initiative in the Vista timeframe. Right now, they are centuries ahead of competition in security. We’ve told you all along, now we’re being vindicated.

Who are you going to trust with your precious data in the Cloud? Well, my choice is clear. My choice goes to that company that has been battle-tested, and so should yours. Now let’s continue to wait on Apple’s spin-doctors, to see which diversionary tactics they’re going to employ this time around.

Image Credits:

From <http://thestickmanspeaks.files.wordpress.com/2011/02/painted-into-a-corner.jpg>

Dusting off McAkins Online

Credits: TQN.com

Ladies and gentlemen, we want to thank you for your patience with us for going AWoL on you these past two months. Naz was going through physical expatriation, and I was going through a hard time at work before going on a much deserved vacation of a full 4 weeks.

Those of you that follow us on Twitter of course know I was doing micro-blogging the whole time. I just didn’t have the time nor the energy to write full quality blog posts like you’re used to from us.

Naz and I are now finally settling down. We promise to start bringing back awesome to McAkins Online. We thank @MajorSky17 for filling the gaps for us in our absence with nostalgic news videos about past Microsoft OSes. Now we are all back, and ready to bring you the usual Tech news from around the world.

Thank you and stay tuned.

Windows Fundamentals For Legacy PCs

 

In this bonus episode, I take a look at Windows Fundamentals For Legacy PCs (“FLP”), a little-known official Microsoft modification of Windows XP, designed for businesses still using hardware designed for Windows 9x to be able to run a more modern, safe and stable OS on their PCs. I end with a little fun trying to run the system on 64MB and 32MB RAM to see what happens.

Windows XP Build 2481: “The Homestead Run”

In this video I wrap up our tour of the development of Windows XP with build number 2481, a pre-RTM build that heralded the completion of the GUI and out-of-box hardware compatibility for Windows XP, and was handed out to testers on 1st June 2001. Over the next few months, compiled builds were virtually identical and their primary function was to root out any last minute bugs that might wreak havoc on the projected release date of 25th October 2001. Thankfully, XP shipped as planned on this date, and firmly took its place in history as one of the most well-loved Windows operating systems.

Windows XP Build 2475: “XP Finds Its Identity”

In this video I demonstrate the setup and UI of Windows Whistler build 2475 – one of the first builds of Windows Whistler to identify itself by the operating system’s recently-announced official name, “Windows XP”. This build was released to testers on 24th May 2001.

Windows XP Build 2428: “Welcome To Windows, Luna”

In this video I demonstrate the setup and UI of Windows Whistler build 2428 (beta 2) which would eventually evolve into Windows XP. This build was shown to reviewers on 9th February 2001 – the same day that Microsoft announced the official name of Whistler – “Windows XP”.

Windows XP Build 2419: “Hello World!”

In this video I demonstrate the setup and UI of Windows Whistler build 2419 – the third post-Beta 1 build of Whistler – which would eventually evolve into Windows XP. This build was first released to testers on 23rd January 2001 and was one of four post-Beta 1, pre-Beta 2 builds.

Technology our Passion, Information our Mission.
