Home » Uncategorized

Category Archives: Uncategorized

A Big, HUGE Microsoft Security FAIL.

(NOTE: This article was written December 7, 2016. Not one word has been changed since that date.  To understand why it can only now be published, read the article on this site called 107 Days: A Microsoft Security Nightmare. -MDG)

For reasons that will become obvious, I am going to delay posting this article until the issue has been resolved.

A few days ago a colleague of mine discovered the password to my Microsoft Account.  I won’t go into the how and why… I knew that my password had been compromised and I took the immediate steps to change it.

image

Ok, I understand that things break… I tried a few times, and then I decided to follow the advice and try later.  I trust my colleague not to actually use my password, so even though I felt uncomfortable with it being compromised, I knew I could wait a couple of hours.

Throughout the evening I tried (unsuccessfully) to change my password.  As I was sitting with my father having dinner, as I had drinks and cigars with my friends… no joy, I still got the same message.  ‘There’s a temporary problem with the service. Please try again. If you continue to get this message, try again later.

I want to be clear… if my network had an error that was preventing users from changing their passwords I would consider it reasonably important, and I would take immediate steps to fix it.  But having trusted Microsoft for so many years, I assumed this would be fixed eventually.

Four Days Passed.

Yes, it was literally four days before I decided that my passivity would not eventually lead to a solution.  I sat down and figured out how to request support. I was hoping to be able to speak with a human being.  Before I could, however, the Virtual Support Assistant got me to try this link and that link.  It then made me go through seventeen steps to finally confirm that the account in question was mine… and once it confirmed that I really am me, it tried to reset my password… and I ended up with the same error message that ‘There’s a temporary problem with the service. Please try again. If you continue to get this message, try again later.

Okay, it’s been nearly an hour… and I am chatting with someone who is quite obviously not their first round draft pick.  After all, I asked for help with Outlook.com, not with something that people actually pay for.  I spent twenty minutes explaining to him the situation, and the added (and I assume rare) complication that I have two accounts with the same address… my Office 365 account and my Microsoft Account are both the same address that are completely different.  ‘Please don’t touch my Office 365 Account, I only want to change my Microsoft Account.’  This led to another five minute discussion on the meaning of the word change.

He had me fill out another form on-line.  I did.  At the end of that form I got a message that said that the product team would contact me within 24-48 hours to help me.  I told the Support Agent that I had filled out the form.  He told me that now I had to wait until they contacted me.

All in all, my Microsoft Account (which is the account I use for my MCT & MCP Benefits, Skype, and myriad other features) will have been compromised for the better part of a week… and there was nothing I could do about it.  Yes, I could have contacted Answer Desk a few days earlier, so it would have been compromised for only three days.  I want to know in what world is that considered an acceptable delay to be able to change a compromised password?

Some time ago I started using Multi-Factor Authentication (MFA) for many of my most important systems, which is why I am never concerned that my blog or my password vault could be compromised.  For various systems I have a hard key (Yubikey) and soft keys (Google Authenticator and Microsoft Authenticator) which keep most of what I do safe.  But most of the Microsoft systems do not support MFA and I am stuck with only a password.  I use reasonably complex passwords so I usually am not concerned, but in a case where my password is compromised and I am not able to change it, I wonder how it is that a company as advanced as Microsoft (in this case) does not allow me to use MFA.  I would love to be able to require my Yubikey in order to log in to Windows and many of the on-line systems I use, but it is simply not an option.

I am disappointed by Microsoft this week… and I hope that they take the lessons learned from this experience to improve.  However I sit here today, thinking of the myriad occasions I stood on stage in over a dozen countries on five continents and defended Microsoft’s security systems as among the best in the world; I was always sure in my knowledge that I spoke the truth.  Today I would not feel comfortable making that claim… and my faith in their systems, like shattered glass, will not be easily fixed.

Outlook / Hotmail: We’re back in business

image

According to the dashboard Microsoft Account authentication is back on-line.  I have confirmed this is the case for my accounts, but hope you are having the same experience.

Outlook / Hotmail Issues Acknowledged

When I posted my last couple of posts Microsoft was reporting that ‘All is Well.’  Dashboards were green, nothing to see here.  That has now changed:

image

So we know now that the issues are pretty serious… at least, serious enough that they are now acknowledging them.

As for me, I have been having an issue with my Microsoft account that has been ongoing since December 5th.  I have held off talking about it for security reasons, but with all that has been going on today, and the fact that yesterday my account might have been hacked, I am planning on writing about it tonight.  And boy are you guys going to be shocked.  All I will say for now is this: DO NOT TRUST MICROSOFT SECURITY. 

Yes, I said it.  For a decade I have been espousing the virtues and benefits of Microsoft’s security.  Unfortunately I have had to change my position on this, and in a very big way.  DO NOT TRUST THEM.  It has cost me terribly, and I will tell you about it tomorrow.

M

Outlook / Hotmail Down: Update

So the worst fear of hundreds of millions of computer users has been realized today.

image

As I reported a little while ago, Outlook.com and Hotmail.com are down.  But it goes much deeper than that.  If login.live.com is down (see screen capture) that also means that OneDrive, Skype, and even XBox Live are out as well.  If you are a Microsoft Certified Trainer and you were planning to download courseware today, that’s not available either.  In fact, any service that requires authentication with a Microsoft Account is down right now.  We are still awaiting word from Microsoft as to when these services might be restored.  But for now, you (and I) will simply have to wait… in the figurative dark.

Outlook / Hotmail Down?

After receiving notification on my iPhone this morning that there was a problem with one of my Outlook.com accounts I went onto my computer to try it out.  It did not work there either, so I did some investigating.  It looks like this system is suffering a major outage today.  I am not sure if this is strictly the e-mail, or if other services relying on the extremely popular Microsoft Account (formerly Microsoft Passport, Live ID) are out as well.  One this is for sure… there are a lot of unhappy users on-line this morning who are not receiving their e-mail.  More to come!

A Good Day…

My day started with an urgent matter at the office… It was a small thing to fix but it prevented someone from working, so it was my priority.  Unfortunately for some reason I couldn’t connect to my corporate VPN, so I went into the office and fixed it.

Because I am not working full time right now I normally would not have gone in today… in fact, knowing how I was feeling after not getting a lot of sleep last night I might just have stayed home and taken a lazy day until my appointments which start late in the afternoon.  No, I was in the office at 9:30am instead.

I was not upset about this… far from it.  I have been getting things done that I needed to do today, some of which I have been putting off for a while.  I went to the Microsoft Store to pick something up (and exchange another), and I am not going to head downtown to pick up a gift certificate I won on the radio.

There are going to be bad days, no question.  But there are also days that can be looked at from different perspectives, and the difference between a good day and a bad day may just be how you decide to view it.  I decided to make today a good day… I hope yours is too!

Dickens Had It Right…

Ok, not about everything…

It was the best of times, it was the worst of times… This is certainly one of the most familiar opening lines of any book written since Genesis (which, it should be noted, was not a book at all).  The opening sentence from A Tale of Two Cities can certainly describe the last couple of years of my life.

To look at Facebook, 2016 was the worst year ever.  from the deaths of celebrities from David Bowie and Allan Rickman and Glenn Frey and myriad others, to the nastiest U.S. Election Campaign in history (culminating in the election of who can best be described as ‘The Lesser of Two Evils’) , 2016 was simply a terrible year.

I rang in 2016 at a beach resort in Cuba, with the woman I expected to spend the rest of my life with, having just finished implementing the largest IT project I had ever architected.  My family was healthy, and things were looking good.

January and February of 2016 were certainly good months for me.

Professionally, as well as financially, 2016 were not terrible years for me.  I re-joined and subsequently re-left Microsoft as a contractor… I taught a few classes.  I earned a decent if not spectacular living… but I was able to pay my bills and still put a couple of shekels aside for a rainy day. 

I remembered that while my responsibilities are important, it is also important to live.  So I went on more vacations in 2016 than in any previous year, bar none.  That is to say, trips where I got onto an airplane to a destination where NO work had to be done:

  • I went to Cuba over New Year with my (then) girlfriend… Ten days in Paradise, in the Las Tunas province, far from everything but the beach and the bar.
  • I went to Las Vegas in May with the same girlfriend (shortly after we got back together following our first breakup) and a couple of friends.  We had some good food, we saw two amazing bucket-list concerts.
  • I went twice more to Cuba with a friend (this time to Varadero), with numerous side trips into Havana).

Unfortunately not all was sunshine and cigars… Things with the girlfriend were going so well… until she ended things… twice.  When we got back together she made it clear that we were forever.  Unfortunately Forever didn’t last… in fact it didn’t quite make it to Thanksgiving.  And so I am single again.  I will spare you a retelling of the drama.

My best friend in the whole world… my four-legged friend who always meant everything to me passed away in March.  I do not know if it was the saddest day of the year… yes, I do.  It was heartbreaking to watch him suffer, and to hold him as he closed his eyes for the last time.  I cannot think of anything that made me cry like I did that night.  I also cannot think of anything that made me drink like I did that night. 

While the attachment was not at all like with Jacob, my now ex-girlfriend’s dog passed away a few months later.  Sir Gunter Red-Mane was another wonderful friend, and that was another very sad day.

As a father, it is amazing to watch my children grow, to mature.  It is also very painful to watch their growing pains.  My older son has grown into an amazing 18-year-old who is at a stage where he wants to be a man, but like any kid of that age he does not have all of the tools he needs to be one.  However he has gone off to university, and one day he will conquer the world.

My younger son is a happy little boy who has some issues, and we are dealing with them.  I thank G-d every day for his mother who does an amazing job with him.  I know that I am the ‘weekend Dad’ who gets to have fun with him and watch movies and go out, but she is the one who deals with the times when he is not all smiles and giggles.  She and I may not have been good as a married couple, but I am so grateful to have her as a co-parent.

My health is okay, my weight today (despite all my best efforts) is about 5lbs less than it was a year ago… better than 5lbs up, but still not enough.  That is my continuing struggle.  I have spent a good amount of time working out at the gym over the past year… not as consistent as I need to be, but much better than I could be.

And now, looking forward at 2017, I do not know what will be… I will strive to make it the best year that I can, and hope I can deal with any problems that arise as well as possible.

I know I am 18 days late folks… but Happy 2017 to all of you!

%d bloggers like this: