Hotmail adds "my friend's been hacked" reporting feature

[nsane.forums]

The crowd-sourcing feature, which can be found in the "Mark as" menu, lets users report compromised accounts directly to Hotmail.

Faced with the sobering reality that about 30 percent of all Hotmail spam comes from compromised e-mail accounts, Microsoft has added a nifty "My friend's been hacked!" reporting feature.

The crowd-sourcing feature, which can be found in the "Mark as" menu, lets users report compromised accounts directly to Hotmail.

"When you report that your friend's account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest "signals" to the detection engine, since you may be the first to notice the compromise," according to Microsoft's Dick Craddock.

Once an account is marked as compromised, Craddock said two things immediately happen:

• First and foremost, the account can no longer be used by the spammer.
• When your friend attempts to access their account, they're put through an account recovery flow that helps them take back control of the account.

After turning on the feature for just a few weeks, Craddoc said Microsoft is having success:

We've already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their accounts. And we've found it to be very effective and fast. Accounts that you report as compromised are typically returned to the rightful owner within a day.

The company also plans to prevent our customers from using one of several common passwords when creating Hotmail accounts.

View: Original Article

[DKT27]

Hotmail to ban common passwords

Microsoft has announced that it plans to prevent users of its Windows Live Hotmail email service from using common passwords. Accounts with common passwords are easy targets for hijackers, who often use compromised accounts to send out spam or even launch phishing attacks. The change will mean that users will have to choose a password that is harder to guess when they sign up for a new account and also when existing users change their password. According to Dick Craddock, Group Program Manager for Windows Live Hotmail, current users with weak passwords may, "at some point in the future, be asked to change it to a stronger password". The new feature "will be rolling out soon".

Craddock notes that, should an account be compromised, it is very often the victim's friends who find out before they do. Because of this, Microsoft is introducing a new "My friend's been hacked!" feature that lets users report that a friend's account has been taken over by flagging any spam or fraudulent mail they receive.

The report is passed onto the service's "compromise detection system" where it will be used, along with other information, to assess whether the account in question has in fact been hijacked. Once the account has been flagged as compromised, the hijacker will not be able to access it. The next time the account owner attempts to log in, they will be prompted to take back control of the account using the account recovery process. While the new feature initially only allowed users to report Hotmail accounts, it has now been extended to allow Hotmail users to report email from Yahoo! and Gmail accounts as well. These reports are then passed to the third-party providers so that they can work to recover hacked accounts.

"We've had this feature turned on for only a few weeks, and we’ve already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their accounts. And we’ve found it to be very effective and fast. Accounts that you report as compromised are typically returned to the rightful owner within a day", Craddock said in a post on the Windows Team Blog.

View: Original Article