Biggest Microsoft Security Lapse in Recent History – Skype’s achilles heel


Yet again I come to you with a rant, but this time it seems like the reason is Microsoft’s huge lapse in basic Skype account security. Probably like most of you, I created my Skype account Many years ago.

About a week ago a message popped up on my phone (where Skype is installed also) saying that my account is now suspended. Surprised, I followed their instructions to fill out Microsoft support “Un-suspend form”. That only prompted email 24 hours later requesting an even Bigger un-suspend form for me to fill.

I of course suspected potential Skype account compromise from the beginning, but checking history of access in my Microsoft account showed no unusual activity. I have switched to using my Microsoft user the moment Microsoft started the migration from Skype to Microsoft accounts.

This ridiculous cycle continues now for 3 or 4 times at least. I fill out same Un-suspend form that Skype support emails me, and they email me same form link again 24 hours later, asking me to fill it out. Worse yet, it is clear that they aren’t even trying to read anything I write, as every time they say “be sure to request password reset”, which is not at all what I need! I fully know my password and confirmed that it’s fully secure!

So I took a step back and analyzed things further and the only logical conclusion is that Microsoft is STILL allowing login to Skype using 10 year old credentials that existed before Microsoft accounts! Worse yet, Even for users that already migrated away from using Skype login, the old Insecure password!

I am pretty sure that by now, with so many industry compromises, old insecure passwords some of us used 10+ years back are “Floating” out there for sale or otherwise. For Microsoft to allow that old login to still be active is borderline Criminal! There are no indications in one’s Skype account that old Skype credentials stay active, nor Ever any requests to update/replace that old password yearly. To confirm my theory I in fact tried to log in with those old insecure credentials, only to see that I do still go through and face the evil “Account Suspended” message!!!

Skype provides no customer service phone number to contact, not even Chat support. Their email/forms to fill out only return after 24 hours or so, and as mentioned, no-one even tries to read what I put on that form. Truth is, there isn’t much for me to fill out in that form. It asks what month and year did I open my account – would any of us remember? It also asks about any financial transactions I made with Skype, which I never did (since other VoIP services were always cheaper and more convenient, working from real phones). It asks for date of birth, which I never submitted to Skype as even back in a day I registered I already was concerned with online security. It asks for billing address, which they obviously don’t have because again – I never paid for anything. So that form is fully useless, of course, as seems to be their whole customer service. Sadly, Microsoft is probably paying good money for that “offshore support” (responses always come at night), but obviously they don’t have any iota of understanding how to actually provide it or even when to know to escalate to someone who can help.

I will update this post if something develops, but meanwhile – here’s something you should do Right Now. If you have registered like me, Many Years Ago, go to Skype.com and see if there is any way to change/disable any old credentials you may have used before switching to secure Microsoft account. If there isn’t any way to disable that old insecure login, at least see if you can change that old password to some jumble of letters and digits, that won’t be easy to crack as our 1999 passwords used to be…

UPDATE: I was finally able to restore my Skype access. It is as I suspected, the old Skype account is still active “underneath Microsoft account”, even if you never use it. Please ensure it has complex or even “random jumble” style password. Furthermore, looks like Skype’s own password policy has been greatly improved over the years and my old password was Not Even Nearly secure enough to meet their current policies. However, there was never an alert to change it, not a single email reminding me that old password is too short or too old. Nor any notice ever came out when new device in Africa logged into my account – not a single email on that. So Skype seriously needs to update their security practices, and so should we all.

Solved: The driver detected a controller error on \Device\Ide\IdePort2


My son and I went through a rather painful ordeal with this Event 11 that Windows quietly generates. It took us a few weeks to fully work out why Windows suddenly started hanging, misbehaving or even crashing with a blue screen. Now that I feel it is fully resolved, I thought I’d share my conclusion (and the process) – hopefully it will help a few others out there who are struggling with this. Ridiculously, many people are likely affected by this issue, but unless they open Event Viewer and search for this event id 11, they will not realize that hanging is not “normal” behavior, even for Windows! The OS seems to silently recover from this problem 10 to 60 seconds later, which is really strange in my book – considering that the user isn’t even alerted to this serious atapi error.
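
One way to run that Event Viewer search from PowerShell, as an added example that is not part of the original post: it counts Event ID 11 “controller error” entries per device and day. The function name, the sample records and the 30-day window are assumptions made for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post): count Event ID 11
# "controller error" entries per device and day.
# Get-ControllerErrorSummary is a hypothetical helper name.
function Get-ControllerErrorSummary {
    param([object[]] $Events = @())   # objects with Id, TimeCreated, Message

    $hits = foreach ($e in $Events) {
        # Message text as quoted in the post title, e.g.
        # "The driver detected a controller error on \Device\Ide\IdePort2."
        if ($e -and $e.Id -eq 11 -and
            $e.Message -match 'controller error on (\S+)') {
            [pscustomobject]@{
                Device = $Matches[1].TrimEnd('.')
                Day    = $e.TimeCreated.ToString('yyyy-MM-dd')
            }
        }
    }
    if (-not $hits) { return }   # nothing matched: no Event 11 controller errors

    $hits | Group-Object Device, Day |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample records, not real log data.
$sample = @(
    [pscustomobject]@{ Id = 11; TimeCreated = [datetime]'2013-01-02T20:14:03'
        Message = 'The driver detected a controller error on \Device\Ide\IdePort2.' }
    [pscustomobject]@{ Id = 11; TimeCreated = [datetime]'2013-01-02T20:15:41'
        Message = 'The driver detected a controller error on \Device\Ide\IdePort2.' }
    [pscustomobject]@{ Id = 11; TimeCreated = [datetime]'2013-01-03T09:02:10'
        Message = 'The driver detected a controller error on \Device\Ide\IdePort2.' }
    # Unrelated event, ignored because its Id is not 11.
    [pscustomobject]@{ Id = 7001; TimeCreated = [datetime]'2013-01-03T09:05:00'
        Message = 'Constructed unrelated entry.' }
)
Get-ControllerErrorSummary -Events $sample

# On the affected machine, pass the real System log instead:
# $real = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 11
#             StartTime = (Get-Date).AddDays(-30) } -ErrorAction SilentlyContinue
# Get-ControllerErrorSummary -Events $real
```

Several entries per day against the same port, as in the sample, match the pattern of repeated hangs described in this post; an empty result means no such events were logged in the window.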

For impatient souls among us, here are my conclusions:

  • First thing – check the SATA/EIDE and power cable connection between your hard-drive and the motherboard. If possible, try another SATA outlet on motherboard or another SATA cable if available.
  • If it still happens, the bad news is that this is likely a disk controller error, which is especially problematic since nowadays disk controllers are built into the Motherboard. If you are in a budget crunch, one potential workaround is to slow down your HD to use different PIO. This may avoid hangs, but will slow overall performance, so no fun solution…
  • Proper solution appears to be to replace motherboard, hence replacing disk controller. There are many motherboards starting at just $50 and in most cases it will improve overall performance and stability for you, even if you keep the same CPU and other components.

I am pretty confident that this is the right diagnosis, as we went through a lot of trial and error investigative work, in a space of few weeks, after it started abruptly. At first, I was pretty much convinced that HD is dying. The system had two hard-drives, and the older hard-drive was seemingly working just fine, even with the same SATA cable and connected to the same slot on the Motherboard. Turns out it was using slower PIO by virtue of it being older HDD. During the troubleshooting process I reinstalled fresh Windows 7 64 Bit multiple times, on various HD drives, only to see the issue start happening almost instantly after clean install. Few days ago a fresh HDD became available (separate long story), so I tried replacing the “dying” HD. Guess what, it being newer HD, it was instantly affected by the same issue, even though I put clean Windows there also. Thus it was concluded that controller was faulty, and I went shopping for a new motherboard. As an aside – DDR3 memory is Ridiculously Cheap. I was able to pick up 8 GB of Gamer grade memory for $25 (after rebate), so that is another bonus with upgrade.

We ended up replacing CPU also (time for upgrade anyhow), but all other components stayed the same. Right now I have 3 Hard-drives happily working flawlessly there, including the “dying” HD, and the rest of the computer is faster and better than ever.

Feel free to leave comments if you are still struggling with this issue, and I will try to answer. Good Luck and Happy New Year!

PS: As a bonus tip – while I was troubleshooting, I had to reinstall Windows 7 couple of times on various HD drives. Did you know you can avoid “tarnishing” your license in such scenario by Skipping product key page during Windows 7 setup? Very handy, and then you have up to 28 days to put your real key in and activate. During that period Windows is fully functional and we had used it like that for over a week while troubleshooting.

Software Patents – Oxymoron


Just a quick post regarding the Software Industry drama unraveling here, here and here. Quick recap: Google is upset with “patent trolls” extracting fees from Android manufacturers via Patents. This ends up costing device manufacturers, and probably ends up making more money for Microsoft than they make from their Windows Mobile 7 sales!

As someone in the Software Industry I just wanted to say this: Over my 18 years in software industry I have seen Many ideas dubbed “revolutionary” at the time. But, I have not seen a single one that I would consider patent worthy. In fact – just about every “software patent” that I heard about was borderline ridiculous. More often than not same algorithms or coding concepts have been in use for years in various companies, but likely were never disclosed in the open. Sometimes, they may have been disclosed in open-source even, yet Patent office doesn’t check there, so they grant it anyhow.

Let’s say tomorrow I think of a clever double linked-list, combining hashed keys distribution buckets concept with bloom filters, to speed things up. Heck I could sit down and write it from scratch, all from my own head, simply because it seems like a great efficient idea to organize data in memory! Boom, someone else could patent it, even a year after I write it and use it, and now my code is violating patents?!

I promised short post so let me just sum up my thoughts on this:

  • Let’s abolish pure “software” related (algorithmic, code, etc) patents altogether, they just don’t make sense – much like protecting a Drink formula. (Yes, simply follow Coca-Cola’s advice and keep your source code secret, if you want to protect it).
  • For other Innovation and Patents – I respect the companies right to extract value from their unique ideas. However, with our increased pace of society now, patents should step up also. I say they should be granted within a month from application and kept valid for a year or two at most.

So there – all problems solved – and no more giant corporations squabbling over source code that was (mostly) written years ago by (undoubtedly clever) developers who since moved on to write even more clever code, for someone else (who probably doesn’t try to trick patent office into patenting it).

Disclaimer: Opinions expressed above are strictly my own personal thoughts

Internet Explorer 9 – 64 Bit Beta – With Flash (beta) – Finally!


Yesterday IE 9 Beta landed on the web. It’s a major rework of the most popular browser, with support for fancy new features (like HTML 5 and CSS 3) and Hardware Video acceleration. I of course installed it right away, and then was even more ecstatic when I saw in my Google Reader feed that Adobe (Finally!!!) released 64 Bit version of their ubiquitous Flash Player.

First impressions? I am not really all that impressed, unfortunately for Microsoft. Although I am really excited that 64 Bit browsing (which is presumably more secure) now finally sports HTML5 support and Flash support.

I guess speed still depends on server and Internet congestion. Startup experience is improved, but Chrome still starts faster on my machine. New tabs open pretty quickly, but look unimpressive (to say the least). Plus, on their own Beauty of the Web site, I get significant “hiccups” in frame rates, from time to time. This is on nVidia accelerated quad core beast, aka my main PC, which I am very happy with overall.

Oh well, it’s a Beta. Overall, it is definitely a step in the right direction. Plus, if you are one of those (strange?) people who like Toolbars and Add-ons, it will tell you which ones are running slow and impacting your overall IE browser performance.

Enjoy!

The Next Series: Part 3 – Apps Marketplace


The Apps Store is all the rage nowadays and everyone says how “Apple Invented this Revolutionary Concept”. As I recall – Windows had a Marketplace for Apps and Accessories going way back…

Still, the true revolution in Apple’s iOS is the seamless end-to-end experience of discovering and purchasing / installing Apps. And, in my opinion, the “installing” part is even more critical here!

It is pretty obvious that with Windows 8 Microsoft will take App Store to the next level to try and “stay with the times”. But will they be able to take the bold re-engineering steps necessary to make install / uninstall finally a Seamless experience?

Why is this critical? Because of “experimentation” empowerment – with iPhone users feel Free to install Applications (either Purchase or Demo) just to Check them Out. This, combined with social “What’s Hot Now” aspect, leads to huge Boom in the Marketplace – ultimately bringing huge payoffs to Platform ecosphere.

iOS appears to have this art down. In my experience iPhone can easily have hundreds of Apps installed, yet it starts up just as quickly, uninstalls just as cleanly once you’re “done with it” and really releases the space back to the user.

For Windows to get to the same place is a huge challenge, but if they do – perception is an even harder thing to fix. Today’s Windows Apps require weird “install” wizards, force themselves into PC Startup, add slow “Services” and buggy “Drivers”, seed computer with Temporary files and often create countless duplicates “per user account” to operate. Even worse, we accepted as “norm” the fact that our Shiny New PC’s come with Crapware from the Computer maker, and the fact that anything we install is likely to slow our computer down and we will never be able to fully uninstall it.

Meanwhile Google’s Android Marketplace is showing us that it is possible to keep an Open marketplace and still maintain decent platform quality. Microsoft does have some right ideas there, but I wonder how much will come to fruition and most importantly, how soon will it materialize for Windows to stay relevant.

Biggest thing that Windows has going for it is a large user base which is familiar with it. Few Great Games and MS-Office are also helping to keep Windows alive, but for how much longer?
