Microsoft determined that the attack was not a breach of internal Microsoft data and believes that the account data was gained by a phishing attack. Phishing attacks are common ways these days to lure users into entering their account data on websites that look like the real deal but are not.

Hotmail users are encouraged to immediately change their account password to protect the account from unauthorized access. It is furthermore recommended to change the account password on other websites if the same password was used for accounts there as well.

A good tool that can help users create and use secure passwords is the Last Pass extension which is available for Firefox,Internet Explorer and Google Chrome.

Related posts

• Truemark Email Identification (5)
• Leaked Hotmail Password Data Analysis (4)
• Hotmail Login (4)
• Gmail Adds Email Import (1)
• Enable Hotmail POP3 In All Countries (31)

I want to go beyond the usual recommendations to discuss PC security issues that many users do not think about at all or not enough.

Update

You can install a secure operating system, an award winning anti-virus software and firewall and still fall prey to attackers through outdated system components. Programs that are used on the computer system need to be up to date. That is especially true for the operating system and programs that connect to the Internet. This includes the web browser (including web browser plugins like Flash), email client, instant messengers, but also the security software programs (which usually come with automatic updates turned on). The computer is vulnerable if the operating system and programs are not up to date.

Email

There are only three rules for emails: Do not open attachments, do not click on links and do not use HTML emails. Email attachments can contain malicious software. They usually do if the sender is unknown or by a company that never send you attachments before. Links can be disguised to look as if they point to a trustworthy website when in fact they lead to a phishing website to grab your username and password. HTML emails can be used to exploit the browsing engine and are also used for tracking users.

Here is how I handle these three risks. Attachments send by friends are usually safe. It is important to check the extension of the attachment. I’m cautious if it is an executable (even when send by a friend). Executables send by senders I do not know are deleted instantly. I check the remaining executable attachments at the online service Virus Total. If I’m still unsure I contact the friend asking about the attachment and why it was send to me.

I never click on links in the email client. If it points to a site I know I open the site manually in my web browser. I otherwise check if the link text and the link are pointing to the same url. If they do I copy and paste the link in my web browser (Firefox with Noscript, so barely any risk here). I do not have to supply username and password since I do not know the service so no fear of phishing in this case.

HTML can be disabled in most email clients.

The Web

I use Firefox mainly for the add-ons and in particular because of the NoScript add-on which provides an excellent layer of security (it disables all scripts by default with the option to enable them individually again). NoScript takes care of most threats on the Internet if it is used in the right way. Someone who always enables all scripts on a website (because it is faster than enabling only some) is not more protected than someone without NoScript. If you enable scripts only on websites that you trust then you are well protected (yes there is always a tiny chance that you are attacked on these sites as well e.g. through malicious banner advertisement).

Another add-on that I have come to love is Last Pass. A password manager and secure password generator that can create and remember passwords and profile information. Last Pass connects urls and passwords which is an excellent phishing protection as well. Say you have username and password saved in Last Pass for PayPal.com. If you open a phishing website that mimics the PayPal website you will notice that Last Pass will not automatically fill out the username and password. Something that the add-on would have done on the real PayPal website.

Files that can be executed are another threat on the Internet. A good way of dealing with those files is to use Virus Total again to check them out before executing them on the local system. It is advised to only download these files from trustworthy sources (big download portals, websites of trusted developers).

Verdict

The majority of attacks can be rendered useless with the right PC security. Updates are probably the most important part of every PC security strategy but caution is a close second. It is always advised to double-check a file or site. This might take more time but it can prevent attacks on a computer system which will save the user lots of time in the end.

Related posts

• YesScript is NoScript’s Antagonist (8)
• x Ways To Manipulate Websites In Firefox (6)
• Web of Trust: collaborative online security (7)
• Truemark Email Identification (5)
• Track Me Not Firefox Extension (3)

It is for example possible to access the passwords on other computer systems without having to carry them around on storage devices like USB sticks. And since Last Pass is not only compatible with Internet Explorer it comes also handy for users who work with web browsers like Firefox. It is basically possible to share passwords and other data between Internet Explorer and Firefox this way.

The download of the password management software is cross-browser compatible. It can install the add-on in both Internet Explorer and Mozilla Firefox at the same time. New users can create an account during the installation while existing users need to supply their login credentials to end the installation.

Last Pass adds a button to the Internet Explorer toolbar that provides quick access to most of the features offered by the password management software. It is for example possible to open some of the recently opened websites, switch identities, edit the preferences or add secure notes.

Password Management is not the only feature offered by Last Pass. The program can store notes in the password vault and offers an option to create form profiles to fill out forms on websites more easily.

The add-on will automatically recognize username and password forms on websites and act accordingly. It can fill out the form automatically if the login credentials are already stored in its database. New passwords can be generated with the versatile password generator. Last Pass is definitely one of the best password management tools.

Related posts

• Validation removed from Internet Explorer 7 (5)
• Use Multiple Internet Explorer Versions Simultaneously (10)
• Uninstall Internet Explorer 8 (33)
• Real Player Internet Explorer vulnerability (2)
• Qpedia Adds Wikipedia Search to Internet Explorer (3)