Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

New security steps for linked Skype and Microsoft accounts

November 23rd 2016 in safety and privacy on the Internet, Security

I received a spam message via Skype today from a person who I normally think of as too sophisticated to do something silly like re-use passwords.  And heard of another person who had also been compromised, but had absolutely no idea how it may have happened.

I learned as part of my research into what may have been the source of the compromises that if you have previously linked your Skype and Microsoft accounts, and have enabled two factor authentication for the Microsoft account, bad guys can still get access to your Skype if they have your old Skype username and password, because that log in path is not protected by the 2FA for Microsoft accounts.

There is a fix however – “merging” the two accounts, which is not the same as “linking” – details are here:

http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack

You’ll end up with just the one password for both your Skype and Microsoft accounts – the Microsoft account password – and apparently you will now be protected by the 2FA even when you use your old Skype username to log in.


Comments are closed.

The Kryptowire article can be seen here: http://www.kryptowire.com/adups_security_analysis.html

Adups response can be found here: http://www.adups.com/article/show_article.php?id=162

Previous Entry

Discovery by Red Canary:
https://blog.redcanary.com/ask-partner-network-compromise

“On 5 November, Red Canary detected suspicious activity associated with Windows applications distributed by the Ask Partner Network (a.k.a. APN, Ask.com, or simply Ask). Upon further inspection, we discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints. “

Next Entry

Archives