Biggest Microsoft Security Lapse in Recent History – Skype’s Achilles Heel

Yet again I come to you with a rant, but this time it seems the reason is Microsoft’s huge lapse in basic Skype account security. Probably like most of you, I created my Skype account Many years ago.

About a week ago a message popped up on my phone (where Skype is also installed) saying that my account is now suspended. Surprised, I followed their instructions to fill out the Microsoft support “Un-suspend form”. That only prompted an email 24 hours later requesting an even Bigger un-suspend form for me to fill.

I of course suspected a potential Skype account compromise from the beginning, but checking the access history in my Microsoft account showed no unusual activity. I switched to using my Microsoft user the moment Microsoft started the migration from Skype to Microsoft accounts.

This ridiculous cycle has now repeated 3 or 4 times at least. I fill out the same Un-suspend form that Skype support emails me, and they email me the same form link again 24 hours later, asking me to fill it out. Worse yet, it is clear that they aren’t even trying to read anything I write, as every time they say “be sure to request password reset”, which is not at all what I need! I fully know my password and confirmed that it’s fully secure!

So I took a step back and analyzed things further, and the only logical conclusion is that Microsoft is STILL allowing login to Skype using 10 year old credentials that existed before Microsoft accounts! Worse yet, even for users that already migrated away from using the Skype login, the old Insecure password still works!

I am pretty sure that by now, with so many industry compromises, old insecure passwords some of us used 10+ years back are “Floating” out there for sale or otherwise. For Microsoft to allow that old login to still be active is borderline Criminal! There are no indications in one’s Skype account that old Skype credentials stay active, nor Ever any requests to update/replace that old password yearly. To confirm my theory I in fact tried to log in with those old insecure credentials, only to see that I do still go through and face the evil “Account Suspended” message!!!

Skype provides no customer service phone number to contact, not even Chat support. Their email/forms to fill out only return after 24 hours or so, and as mentioned, no one even tries to read what I put on that form. Truth is, there isn’t much for me to fill out in that form. It asks what month and year I opened my account – would any of us remember? It also asks about any financial transactions I made with Skype, which I never did (since other VoIP services were always cheaper and more convenient, working from real phones). It asks for date of birth, which I never submitted to Skype, as even back in the day when I registered I was already concerned with online security. It asks for billing address, which they obviously don’t have because again – I never paid for anything. So that form is fully useless, of course, as seems to be their whole customer service. Sadly, Microsoft is probably paying good money for that “offshore support” (responses always come at night), but obviously they don’t have an iota of understanding of how to actually provide it or even when to escalate to someone who can help.

I will update this post if something develops, but meanwhile – here’s something you should do Right Now. If you registered like me, Many Years Ago, go to Skype.com and see if there is any way to change/disable any old credentials you may have used before switching to a secure Microsoft account. If there isn’t any way to disable that old insecure login, at least see if you can change that old password to some jumble of letters and digits that won’t be as easy to crack as our 1999 passwords used to be…

UPDATE: I was finally able to restore my Skype access. It is as I suspected: the old Skype account is still active “underneath Microsoft account”, even if you never use it. Please ensure it has a complex or even “random jumble” style password. Furthermore, it looks like Skype’s own password policy has been greatly improved over the years, and my old password was Not Even Nearly secure enough to meet their current policies. However, there was never an alert to change it, not a single email reminding me that the old password is too short or too old. Nor did any notice ever come out when a new device in Africa logged into my account – not a single email on that. So Skype seriously needs to update their security practices, and so should we all.

Tivo Disaster – If it Ain’t Broke, Why Fix It?

It is a really basic premise, and I didn’t even invent it. Alas, I have to warn other potential Tivo customers, after giving the company many chances to make things right and a month of monumental efforts (mostly mine). Also, this is Not investment advice regarding Tivo Inc (NASDAQ:TIVO).

We are long time Tivo customers and advocates and have 2 units at home which we enjoyed for many years. Recently, after the HDMI output on our newer Tivo HD unit broke, we decided to upgrade to the latest Tivo Premiere. We were disappointed to learn of the increased monthly fee, but we finally decided that even with Many Great alternatives out there, we prefer the time-tested convenience of a Tivo box. Our new Premiere unit arrived as advertised and I promptly began the monumental effort needed to set it up and transfer data from our existing unit.

The manual transfer of previous recordings that we didn’t watch yet is a long and tedious process which could have easily been automated in about 1 week of effort for an average developer IMHO. Instead I have to go through 3 screens of prompts for Every Single Show I have on the box. A few days (literally) later, I finally got that out of the way, so I set out to transfer Season Passes. “Luckily” there is a handy Season Pass Manager on Tivo.com, I thought, but this is where the first big disaster hit! After reporting that many season passes cannot be transferred because there are no upcoming airings in the next 2 weeks, even the remaining shows that supposedly should transfer did not arrive on the Tivo Premiere. Instead, I was greeted with countless “corrupt, delete me” entries on the Tivo box.

As I tried to recover from this by transferring only a few shows at a time, the Tivo website went completely nuts. Many reboots, Re-Syncs and support calls later – I was told to stop trying and just manually re-create our 150 passes… Naively I tried that as well, just for a bit, as I quickly discovered that the Glee show (in Tivo’s own Top 5 Most Popular list and one of our favorites) Cannot Be Subscribed To! It simply pops up with a “No Airings In the Next Two Weeks” error. I guess I naively thought that the ability to keep your favorite show subscriptions was Tivo’s big selling point.

Meanwhile we started noticing many other things wrong with our “shiny new” Tivo. For the first week over 30 channels were completely missing their guide. I went through different troubleshooting steps daily with various Tivo techs, to no avail. Finally, I figured it out all by myself, managing to restore that part of the functionality by repeating the guided setup steps.

Still, there were many other issues – worst among them is the jumping screen and skipping video, especially if recording on the same channel as watching. Well, after some more calls, one of the techs suggested that perhaps we got a bad one and they would be happy to replace our new purchase. Reluctantly I agreed, and another week later we received a Refurbished Tivo Premiere unit (What??!?). Being at a complete dead-end with options, I spent Another Week transferring shows and doing CableCard pairing. Well, today I switched out the units and we were able to confirm most of the same issues on this Tivo Premiere as well.

As you can tell, we are still in shock and not sure where to go from here. It is very hard to justify a monthly payment to Tivo when our experience with the unit is so horrid. As an aside, their whole Tivo Stream as a separate Expensive and Intrusive box is just another insult, since Tivo Premiere already comes with a high speed network connection, and records everything digitally.

Back To My Big Question: Why Mess with what Is Not Broken!? We used Tivo HD and previous Tivo units for years and Never had these issues! This is with the same CableCard and Cable connection, so they really can’t blame Comcast here! In fact, many issues are clearly Software Defects! It also becomes obvious that they lost all their good developers once you try their iPad Tivo client. While showing some promise, it promptly underwhelms you with limited features, constant crashes, disconnects and endless “refresh” loops. Tivo Inc’s appeal over other Cable boxes Always Was their Software! How On Earth would they allow themselves to totally “rewrite” software for this new box and introduce so Many New Bugs and such a Poor User Experience!!?!?

PS: I ordered HDHomeRun Prime now and look forward to posting my experience here

How to Print To your iPhone or Android Phone

Yes, this is not a typo – printing To your iPhone, I know it sounds weird! It is actually very handy, saves plenty of trees and makes “printouts” easier to carry around and find in the future. There are specific cases where you want to “print” a confirmation of an appointment from a website, both to remind yourself and to show at the business you are heading to. Other times it could be a receipt for an online order, or any other “generated” page which you can’t easily link to, but may need to reference in the future. Some places will accept a coupon printed this way, where you can simply show it to the cashier or scan it from the phone.

Step 1 – If you don’t already have one, get a free account with Skydrive, Dropbox or Google Drive. Right now Skydrive gives the most free space, while Dropbox has more native clients for iOS, Android and many others. For those unfamiliar with this category – this basically creates a file system in the cloud, where everything you drop into a special folder gets synchronized

Step 2 – This works best from the Chrome browser, because it has an excellent Save As Pdf feature in the Print window! If you are on the Mac, the Print window for Everything comes with a Save As Pdf button. Finally, on Windows you can install a PDF driver, like PDFCreator, which is open source and free. Then, simply Print to it from any App.

Step 3 – Save the PDF into a Dropbox (or Skydrive, etc) folder on your computer. I recommend you actually organize things with subfolders into categories. I have Confirmations, Coupons, Manuals, eBooks, etc.

Step 4 – Open the Dropbox (or Skydrive, Google Drive, etc) dedicated client on your iPhone and just access the PDF whenever needed. Depending on the client app, you may need to “pre-download” the file before going out of Data range or on a flight.

In fact, you can use this simple trick instead of things like Instapaper, Readability and others. There’s really nothing wrong with these other options, I just find that having too many accounts and places to keep information is distracting and chaotic. If anything, Evernote is the one you should consider. Coupled with the Clearly addon, it is sometimes a better way to save large articles for later offline reading.

There are tons of Free eBook PDFs online: educational, fun and classics. Simply download and drop into your Cloud folder – Voila.

My Sandbox! (aka: Liability Fiasco)

It is that time again – time to decide how much credit we should allot to our users, versus how much we should “protect the user from him/her self”. Ah, the eternal dilemma – but wait, Apple to the rescue? Didn’t they pioneer the “we know what you want better than you do” model?

Actually, today’s post is a bit more technical than that simple discussion, but stick around and join the discussion, you’re sure to learn something (and contribute!)

The latest news from our (recently) beloved Apple is that (amazing) Sandbox technology is on the horizon, which will run App Store apps inside their own Sandboxes. Here are a few words about sandboxing – it is basically a mechanism for the computer to protect itself (and the user) from a (potentially) malicious or misbehaving application that the user wants to use. As security experts will tell you, there are plenty of supposedly useful applications which are just a (shameless) wrapper around a virus delivery mechanism, or an even simpler system that quietly looks at what you are browsing to, captures the user/pass you put into your (financial) website and silently sends it via the Internet to the perpetrator. After reading some interesting discussion on the subject, I decided to weigh in here.

Granted – I am as paranoid as the next guy, and you should ALWAYS know the source of Any Application you download and (even try to) run. And the issue is complex, as so far all I have seen is that users become mostly victims of increased security – how often did you call your bank because you forgot your password?! In fact, I once left a financial institution because their login procedure became 5 screens long, with pictures, symbols, pins, sentences, etc…

The punch line: what if Apple Approves an App and grants it Sandbox Permissions, but later we discover that the App still had a Malicious Password stealer hidden deep inside? I say – We Sue Them! They performed a Paid service — developers Pay to get into the App store and share a cut of the profit. Given that the aforementioned paid service had the Primary purpose of Vetting an app for our (naive) users’ consumption, I see the door wide open for a Class Action. Seriously, given the size of the Fiasco (millions of accounts stolen?), no 100 page License agreements we all carelessly click through will protect them.

So, Apple – for your own good – let the users free! Or better yet – Respect that they (sometimes) know what they’re doing!

Turning Point – Steve Jobs Book Purchase

Short post – more of a call to arms, to discuss a burning point for many people today. That is, What Platform to choose to purchase this iconic Steve Jobs biography eBook. I am completely at a loss – what could have been a price war between heavyweights in this category turned into a paralyzing situation for consumers (like me), preventing our purchase completely. My interpretation is that the Publisher insisted on the same pricing across all platforms! What Gives?

Anyhow, let’s recap the contenders:

  • Kindle – Interestingly, I don’t own any – and yet I have Tons of options for reading Kindle books (iPhone, Tablet, PC, Mac, etc) and already own many books on the platform. This is truly an achievement, which I applaud Amazon for!
  • Nook – I really have nothing against them, but I have virtually no prior books on the platform and no dedicated eInk reader. Still, their readers are looking better all the time and they caught up to Amazon with the Nook software reader being available on most platforms. Good job, B&N!
  • Kobo – Once a partner of the failed Borders, it is an independent maker of eInk devices and the software platform. They are also present on many platforms and ironically I do own that eInk reader, which I picked up at the Borders closeout. We use it once in a while, but who knows about long term prospects?

Not in the running:

  • iBooks – Apple insists on closed platform ways – show me an Android iBooks reader? Or how about a PC reader? And not even a corporate discount. Nope, no go…
  • Google Books – Serious contender and I am glad to see they have the book available. Brand is strong with this one, but I just don’t know if this is another “Google experiment” with books, or are they in it for the long haul? Plus, no native clients on laptops detracts from reading experience a bit – although Web reader is mighty enticing. In fact, I almost forgot about this option…
  • Microsoft eReader – Um, anyone remember this one exists? Exactly…
  • Adobe Digital Editions – I don’t even know if any store uses this… In fact, Adobe themselves didn’t post this free eReader on their Download page – seriously?!?!

So, chime in – help me decide. Weigh in with your Pros and Cons and tell me where you got this book, and why! And yea, I am so crippled with this decision that I walked into a retail store to buy a Real hardcover. But then I got sticker-shock – where a B&N employee politely explained to me that their pricing is completely different from their own Web pricing and That’s that.

Seriously – we have industry behemoths trying to set platform trends for ages to come, where should we vote with our cash – and WHY ON EARTH would the publisher insist on fixed pricing!!?! I am certain everyone would be selling this one At A Loss at this critical platforms’ junction, given a chance.
