Until now, attackers could lock account owners out of their accounts by gaining access to the password (for example by phishing, trojans or unencrypted wireless networks) and changing this password after sign-in. When the true owner did not have any alternate e-mail address on file and forgotten the security question, accessing the e-mail account was not possible anymore.

Now, Microsoft is adding sending of password reset codes via SMS to help users regain control over their accounts in case of emergency. To activate this feature, you have to tell Hotmail your mobile phone number before anything happens. The SMS contains a code that you can use to have your password reset on the recovery pages.

Furthermore, a new feature called “Trusted PC” is added. You can use it to link a specific computer with your Hotmail account and thus helps you to reset the password in case you need to. So, the features are useful for people who keep forgetting their passwords, too.

To protect the new features from being manipulated by intruding people, you cannot change one option without confirming your change by means of a different option. “For example, if your account was already set up with an alternate email proof and you wanted to add a cell phone number as well, you would need to use the alternate email address to do it,” explains John Scarrow, General Manager Safety Services. “This means that even if a hijacker steals your password, they can’t lock you out of your account or create backdoors for themselves. You will always be able to get your account back and kick the hijackers out.”

Finally, Microsoft announced that connections to Hotmail will be encryted with SSL completely, not only the sign-in procedure, like until now.

Even when you forgot your password, there are ways to get access to your account back. In order to be able to make full use of these ways, please concentrate on setting up additional personal information. This will help the support team to make sure that it is really you who wants to get access to your account.

You should know the following information regarding your account:

• Alternate e-mail addressIn your profile, you should add an alternate e-mail address. In case you forget your password, you can have a password reset link sent to this address.
• Secret question and answerYou can have Windows Live ask you a question whose answer can only be given by you. When you want to have your password reset, you have to enter this answer. You can view and change your secret question.
  Watch out: This answer is as important as your password! Never tell anybody about it!

• Personal folders at HotmailIn your Hotmail inbox, create some personal folders with unique, uncommon names. Later you can tell the support their names for identification purposes.
• Mobile numberYou may also enter your mobile number, and make use of this number to access your account and prove your ownership at the Windows Live support. Same rule applies: Do not publish your mobile number on the web!

A summary of your Windows Live account is available as well.

¿Qué estás haciendo?

1. Open http://twitter.com/ in your favorite browser.
2. Sign in or create a free account.
3. On the top navigation, click Settings.
4. Scroll down to Language, and choose Spanish – español.
5. Click Save.

Some thoughts on compromised accounts

If you recently had to change your Twitter password because somebody had unauthorized access to it (e.g. you tried a third-party service that resulted in being a spammer service), you should know that you are not in complete control over your account yet.  Why?  The key to this security problem lies in OAuth.  OAuth is the authorization system that allows third-party services access to your account without needing to know your password.  So, in theory, the service you have tried might have authorized a bad service of their own using OAuth.  Then, even after you changed your password, this service still has access to your account.

While Yahoo offers to revoke granted permissions when resetting your password, Twitter currently does not.  Until Twitter adds this feature, you should always look through the list of applications have access to your account via OAuth, after you changed your password.  To do this, follow these steps:

1. Open http://twitter.com/.
2. Sign in with your Twitter account and password.
3. On the top menu, click Settings.
4. Switch to the Connections tab.
5. Go through the list and revoke access for any application that you do not know or trust.
6. Now you should be on the safe side.

1. Open the registry.
   • Windows XP: Click Start, Run. Enter regedit, then click OK.
   • Windows Vista: Click Start, type regedit into the search box, then press Enter.
2. Now open the folder User Shell Folders. Use the following path: HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/User Shell Folders.
3. Now, a list with several entries appears on the right side. Double-click AppData.
4. At Value, enter the following and click OK:
   • Windows XP: %USERPROFILE%\Application Data
   • Windows Vista: %USERPROFILE%\AppData\Roaming
5. In Windows Vista, do the same for the entry Local AppData with its value %USERPROFILE%\AppData\Local.
6. Close Windows Registry Editor, and reboot your computer.

Source: http://messengermaximal.spaces.live.com/blog/cns!40F43EC9BA81D814!8064.entry

1. Open the Windows Live account center at https://account.live.com/ChangePassword.aspx.
2. If prompted, sign in using your Windows Live ID (e-mail address) and your existing password.
3. Make especially sure that you are seeing the Extended Validation certificate information (the name “Microsoft Corporation (US)”) in your browser address bar, as well as that the address starts with “https://login.live.com/”.

   

4. After sign-in, you should see the following page:

   

5. Before typing your new password, again make sure that the connection is encrypted properly. If you are using Internet Explorer, the address bar should look like this:

   

6. Enter your current password once, and your desired new password twice. While you type, watch the password strength indicator. The greener it is, the safer is your password. Wondering how to create a strong password? I will talk about this topic in an upcoming post.
7. To get reminded every 72 days to change your password, check the corresponding check box.
8. Finally, click Save, and don’t forget to sign out properly so nobody can take over your account.

We immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

On October 1, data sets of customers whose e-mail addresses start with A or B had been published on pastebin.com, a service storing any kind of text snippets. According to Microsoft, the data are like to have been stolen with a widespread phishing attack. In the meantime, the Windows Live team has locked access to all compromised accounts, whose domains ended in hotmail.com, msn.com and live.com.

Make your Windows Live Hotmail account safe

If your account has been locked by Microsoft to prevent abuse, follow these simple steps to unlock it:

1. Open the site https://support.live.com/eform.aspx?productKey=wlidvalidation&ct=eformcs&scrx=1.
2. Fill in the form as accurately as possible, then submit it.

What to think about

• Make sure to renew your Hotmail password every 90 days. I will write a step-by-step guide about this shortly.
• You cannot find out whether a contact of yours has blocked you in Windows Live Messenger. Sites and services claiming to be able to tell you this are fake and were only created to steal your Windows Live password.
• Enter your Windows Live password only on websites when the URL starts with “https://login.live.com/” and is marked by a valid security certificate.
• Install and keep your anti-virus software up-to-date, e.g. by using Microsoft Security Essentials.
• If you use the same password for other services, too (not recommended anyways!), change it there.

Riconoscimento posta indesiderata

Una tipica virus mail ha un titolo di soggetto arcano, come “Buono shopping, buon umore” e un messaggio amichevole che ti inviterà a visitare il sito web del mittente. Comunque, cliccando su un qualsiasi link contenuto nel messaggio, verrà scaricato sul tuo pc una copia del worm del dirottatore, il quale riunirà tutta la tua agenda e si diffonderà a tutti i tuoi amici.

Proteggere te stesso e stare sicuro

• Usa un anti-virus e un programma anti-malware. (Non usare due programmi anti-virus concorrenti.)
• Tieni il tuo software aggiornato con le ultime definizioni dei virus.
• Fai attenzione mentre apri messaggi con link di siti web all’interno.
• Verifica sempre i link inseriti: Passa il tuo mouse sopra il link e verifica che nella barra di stato del tuo browser ci sia scritto lo stesso URL che è stato scritto nel messaggio.
• Non inserire il tuo Windows Live ID o qualsiasi altra informazione personale su un sito che hai aperto tramite link. Se vuoi accedere ad un sito, aprilo tramite i tuoi segnalibri (Preferiti) o, ancora meglio, scrivi direttamente l’indirizzo del sito web nella barra indirizzi del tuo browser.
• Non aprire nessun allegato di posta se non hai chiesto di farti inviare qualcosa.
• Una volta identificata una mail spam, eliminala, e cancella il Cestino delle mail.
• Tieni il tuo computer aggiornato con gli ultimi aggiornamenti disponibili di Windows Updates.

Trova altre informazioni sul sito Windows Live Help Safety Solutions.

1. Non cliccare ogni link che si riceve.
   Attenzione ai messaggi strani, anche quando sono inviati da contatti che conosci. Ci sono malintenzionati che tentano di rubare le password dei Windows Live ID inviando messaggi non richiesti, anche conosciuti come SPIM. (Leggi altro a riguardo.)
2. Non accettare tutti i contatti che ti aggiungono.
   Stai attento quando la gente ti aggiunge alla lista contatti. Conosci veramente chi è? Prima di parlare intensamente con nuovi amici, chiediti: “Inviterei mai questa persona a casa mia, nella vita reale?” Se sei in dubbio, allora perché conoscerlo virtualmente.
3. Pensa prima di inviare informazioni personali agli amici.
   Vorresti annotare il tuo numero di cellulare su un pezzo di carta ed attaccarlo nella piazza della tua città? No? Quindi capisci quanto è vitale stare attenti sulle informazioni personali condivise con persone che non conosci realmente, specialmente il vero nome, l’indirizzo, la data di nascita oppure il numero di telefono. Microsoft o Windows Live non ti contatteranno mai per chiederti la password del Windows Live ID, quindi non rivelare mai a nessuno la tua password, a prescindere da chi te la chiede.
4. Non accettare alla cieca tutti i file che ti inviano.
   I file sono la paggiore cosa, quando provengono da virus pericolosi. Accetta solo file di cui conosci il contenuto e accetta solo file inviati da persone che conosci e di cui ti fidi. Usa sempre uno scanner antivirus per evitare varie infezioni del tuo sistema. Assicurati di fare un back-up di tutti i dati importanti sul tuo computer su un’unità esterna che non è sempre connessa al pc.
5. Usa il buon senso.
   Se qualcosa ti suona troppo buono per essere vero, è troppo buono per essere vero.

Windows Live Messenger could not sign you in because the Windows Live ID does not exist or is incorrect. If you have forgotten your password, click Forgot your password? at the bottom of the main Messenger window.

You cannot sign in to Messenger because all you see when you try to sign in is the error code 80048821? You can resolve this issue by resetting the stored sign-in data. Have a look at the steps.

• Browse to https://account.live.com/.
• Click on the link Sign in with different account.
• Enter your Windows Live ID, that is, the address you are using to sign in to Messenger, and the corresponding password.
• Click Sign in to check if you are able to sign in correctly.
• If it doesn’t work, try to reset your password. That works like this:
  • Browse to https://account.live.com/.
  • Click on Sign in with different account.
  • Enter your Windows Live ID, then click Forgot your password?.
  • A wizard appears. Follow its steps to reset your password.
  • If you need help with resetting your password because you have forgotten the secret question and its answer, or the alternative e-mail address, please contact the Windows Live ID support by browsing to http://support.live.com/ and choosing Windows Live ID.
  • After you have reset your password successfully, go to the next step described here.
• After you have succeeded to sign in to your account, remove the stored sign-in information, and enter them again. Do this:
  • In the Windows Live Messenger sign-in window, open the e-mail dropdown and click your Windows Live ID (Messenger address). When you clicked it, click the small arrow next to the status selector, and choose Forget me.
  • Now enter your e-mail address and its password.
  • Check the two checkboxes Remember me and Remember my password.
  • Click Sign in and check if that works now.
• If you still cannot sign in to Messenger, please contact the Windows Live support at http://support.live.com/ and tell them you have already done the above steps.

Source:
http://messengermaximal.spaces.live.com/Blog/cns!40F43EC9BA81D814!6003.entry
http://messenger-support.spaces.live.com/blog/cns!8B3F39C76A8B853F!13934.entry

Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging (IM) services. SPIM is more than just an annoyance. It’s a serious threat to online privacy and security. SPIM campaigns that employ phishing tactics to get your account information can put all the personal information associated with your account at risk.

Today, Microsoft has filed a civil lawsuit against several people and businesses in which they are alleged to undermine the security and privacy of Windows Live customers. This case alleges that the defendants engaged in instant messaging spam and phishing on Windows Live Messenger.

Funmobile Ltd., a Hong Kong-based company owned by brothers Christian and Henrick Heilesen, has spimmed thousands of Windows Live Messenger customers since March 2009. Customers who clicked on the link in the bogus instant messages sent by Funmobile were then “phished”— that is, asked for their IM username and password to log in, according to the complaint. Those who provided the log-in information were often redirected to an adult Web site or, in some cases, a site that claimed to be a social networking community for Windows Live Messenger users.

Meanwhile, Microsoft alleges, the defendants collected the wrongfully-obtained usernames and passwords and used them to access Microsoft’s proprietary systems and our customers’ accounts. They then “scraped” or “harvested” the contacts within each user’s account, and sent unsolicited bulk IMs to each of his or her contacts.

Protect yourself against SPIM

• Do NOT click any SPIM links you receive, but close the conversation window.
• Tell your friend that you have received SPIM from his account.
• Change your Windows Live ID password. (Change your password here.)
• Do not tell your password anybody.
• Only enter your password on a website where you see the green encryption mark in its title bar. The address should always start with “https://login.live.com”.
• Remember to sign out properly after chatting at public places.
• Check your hard disk for viruses.

Sources:
http://windowslivewire.spaces.live.com/Blog/cns!2F7EB29B42641D59!41246.entry
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2009/07/16/saying-no-to-spim.aspx

Once upon a time, web servers were invented. These used to serve first static, then dynamic content to clients, to us. The basis was simple: a small group of people, the providers, created web content, while the vast majority of us were consumers, readers, downloaders—users. Web servers and clients were designed to suit just these needs.

Then, Web 2.0 came up, along with the idea of contributing to form the web. The idea behind it changed from producers and consumers to “Everybody is a contributor”; the web starts to become a huge whiteboard. Web servers and client browsers do not match the idea anymore—if everybody can be a contributor, every web browser should be able to be a web server.

This is where Opera Unite kicks in. Once Opera runs and once you are connected to Unite with your Opera ID, everybody can access the services you launch. Of course, you can define which people can access which services.

Opera Unite features

• File Sharing of any folder you choose,
• Whiteboard messaging (“Fridge”),
• Media Player streaming any music you choose from your disk,
• Photo Sharing of your newest albums,
• integrated chat room module (“The Lounge”),
• and a small Web Server for your convenience.

Opera Unite and Windows Live Wave 4—what are we going to see?

Could Opera Unite get a competition to Windows Live?

Sharing your own content easily was the goal behind Opera Unite. Sharing your content easily, and access it from anywhere—that’s the goal behind Windows Live Mesh, that will get integrated into the next release of Windows Live programs for your computer, called “Essentials”. What are the differences between Opera Unite and Windows Live Wave 4?

*) Please note: Windows Live Wave 4 is the code name of the next release that the Windows Live Team is currently working on. As it is a product in development, the information might be incomplete or erroneous and is subject to change.

Then I remembered a feature in the script Music Now Playing, which had impressed me some time ago when I saw it: Online backup, automatic. After that, I played around further with PHP and some JScript, and the result is PrefsBackup, a new Messenger Plus! script (still in beta).

The easy way: PrefsBackup

With this script, backing up your Messenger Plus! settings is as easy as nothing. Follow these simple steps:

1. Download and import PrefsBackup.
2. Choose for which Windows Live IDs (Messenger accounts) you want to enable the script.
3. Read the changelog, and confirm that you understand that the script is still beta.
4. Now open the scripts menu, and choose “PrefsBackup > Backup preferences…”.
5. The first time you do this, you will be asked for a new password and an alternate e-mail address in case you forget it. The password is used to protect your preferences from theft.
6. Oh, and since this is a beta, you will need an invite code once for each Windows Live ID. In the next time, you will see several websites offering a bunch of invite codes, but in case you didn’t catch one: e-mail mynetx Creations at scripts@mynetx.net to apply for an invite code.
   Remember: First-come, first-served.
7. You might also try if one of the following invites still work:
   733da5d3, d26fdbae, d8bd91f8, 57e5c6b1, 828060c0, 53efc6c2, e95e5f75, ba349d68, 85e3e08b, 9f337066

Free download: PrefsBackup 1.0.5
Any questions, ideas, suggestions or problems: mail us!

Now, I’ve got a new dance for y’all called the Soulja Boy. Oh, wait, no, sorry. The OAuth beta is now open to all developers, though.

This was the small tweet by Alex Payne, Twitter’s API Lead, announcing the general availablility of OAuth for Twitter, last Monday. OAuth, designed for Single Sign-Ons on third-party websites, removes the security concern of having to enter your Twitter username and password on such websites. Instead, you can now register applications to use the OAuth API.

Welcome to the Developer Beta of the Twitter Application Platform! We’re just getting started, but we thought we’d start releasing components that will help you, the developers, connect your users with the world, right now.

For starters, we’re allowing you to both register your application here, as well as providing an improved Authentication System, OAuth. To read more about how this help both you and your users, please visit http://oauth.net.

Enjoy! And please report any bugs or general feedback to api@twitter.com.

OAuth is an open standard for online authentication. It enables a user who stores information such as a password on a particular Web site to then authorize yet another site to access that data, all the while not sharing the user’s identity with that site. Twitter OAuth had been offered to some developers in a closed beta a few weeks ago, according to Twitter’s OAuth FAQ.

Visit Twitter.com

How to use POP with Hotmail

I will show you the example of Microsoft Office Outlook 2007, but other mail clients are similar.

1. Click “Tools”, “Account Settings…”.
2. On the “E-mail” tab, click “New…”.
3. If you are prompted to “Choose E-mail Service”, select “Microsoft Exchange, POP3, IMAP, or HTTP”, and click “Next”.
4. Check the checkbox at “Manually configure server settings or additional server types”, and click “Next”.
5. Select “Internet e-mail” and click “Next”.
6. In the section “User Information”, enter your name and your Hotmail address.
7. In the section “Server Information”, select “POP3” as “Account Type”, enter “pop3.live.com” as “Incoming mail server” and “smtp.live.com” as “Outgoing mail server”.
8. “Logon Information” are your Hotmail address (including @hotmail.com or @live.com), along with your password.
9. Now click the button “More Settings…”, and switch to the “Outgoing Server” tab.
10. Check the checkbox “My outgoing server (SMTP) requires authentication”.
11. On the “Advanced” tab, at “Incoming server (POP3)”, check the checkbox “This server requires an encrypted connection (SSL)”.
12. At “Outgoing server (SMTP)”, open the select box “Use the following type of encrypted connection”, and choose “TLS”.
13. Now click “OK”, “Next” and “Finish”. You’re done!