- Joined
- Aug 20, 2007
- Messages
- 2,307
- Reaction score
- 11
- Points
- 38
I have a Hotmail account. I don't use it for anything confidential or important. But when I logged into it using Microsoft's email web server I found they have an option to see historical activity on the account. Well much to my amazement in addition to my own valid log-ins over the last few months I found that every damn day someone in China is trying to log in 2-3 times per day never successfully since they are only guessing at the password. I suspect it must be some kind of automated hacking operation which probably tried to break into every Hotmail (or gmail or live.com mail, etc.) account they've ever run across anywhere on the web. They might just even make up account names and try to break into whatever they can find. The effort is clever enough to limit to a couple of shots a day cuz I do think Microsoft will block out spam attempts and even go so far as to lock out ALL access to email accounts that appear to be under attack or otherwise compromised.
I'm sure this hack strat can work from time to time since people come up with atrociously bad passwords. I can remember when a guildmate once asked me to log in his toon for a raid drop and his Station PW was something as retarded as, um... "password." (It was actually worse than that but I'll leave it to reader imagination lol.) And, yeah, his station account was his toon's name. Duh...
What I'm wondering is since these failed attempts are multiples every day and coming from China, why doesn't Microsoft just allow account users to block access attempts from any country they want. That's what I'm asking here too, if anyone has ever seen a way to do that. I know you can block log-in attempts on subscribed hosting services but I don't see any option on Microsoft's Outlook servers.
This supports my eternal gripe that major software and web companies create and permit situations that are implicitly high-risk and then deal with it only when a major breach has endangered thousands of people and <God Forbid> generated bad publicity for the company, and possibly legal liability. I'm sure there are arguments against allowing users to ban access from China such as server burdens and having to deal with CS inquiries when a user happens to go visit China and forgets to remove the block first. Cost v benefit is always the ultimate determinator of corporate marketing strategies, without a doubt.
I know it isn't just China, of course, and I know there are ways to hide incoming IP addresses. But we gotta start somewhere and use what tools we have easy access to, eh?
This is why every time I see some new app or service encouraging users to load even more personal info onto the web ("The Cloud", evoking a notion of a heavenly ethereal realm where everybody plays nicely together on virtually green dewey fields of contentment and comfort!), I have to laugh. A Boston-area radio host likes to do a show on "standing heads", which are basically reuseable headlines for newspapers which can always be trotted out for a story which tends to repeat itself in basic form regularly. Two "standing heads":
Cutting Edge Software Company Announces New Web Service: Webbermater Plus!
Few weeks or months later:
Webbermater Plus Hacked, Thousands of Customers Affected
Oh well, venting done. I know good advice would be to stop using Hotmail but it has its value for throwaway email accounts and I'm probably reacting more to my personal sense of outrage at hack attempts being made daily against one of my accounts than due to any worry that I'd lose anything of consequence.
Microsoft does allow turning on "two-step" log-in, requiring obtaining a passcode sent to a smart phone in order to log-in. Guess this would be their response to any complaints of my kind here.
But it's sooooo inconvenient! LOLOL
I'm sure this hack strat can work from time to time since people come up with atrociously bad passwords. I can remember when a guildmate once asked me to log in his toon for a raid drop and his Station PW was something as retarded as, um... "password." (It was actually worse than that but I'll leave it to reader imagination lol.) And, yeah, his station account was his toon's name. Duh...
What I'm wondering is since these failed attempts are multiples every day and coming from China, why doesn't Microsoft just allow account users to block access attempts from any country they want. That's what I'm asking here too, if anyone has ever seen a way to do that. I know you can block log-in attempts on subscribed hosting services but I don't see any option on Microsoft's Outlook servers.
This supports my eternal gripe that major software and web companies create and permit situations that are implicitly high-risk and then deal with it only when a major breach has endangered thousands of people and <God Forbid> generated bad publicity for the company, and possibly legal liability. I'm sure there are arguments against allowing users to ban access from China such as server burdens and having to deal with CS inquiries when a user happens to go visit China and forgets to remove the block first. Cost v benefit is always the ultimate determinator of corporate marketing strategies, without a doubt.
I know it isn't just China, of course, and I know there are ways to hide incoming IP addresses. But we gotta start somewhere and use what tools we have easy access to, eh?
This is why every time I see some new app or service encouraging users to load even more personal info onto the web ("The Cloud", evoking a notion of a heavenly ethereal realm where everybody plays nicely together on virtually green dewey fields of contentment and comfort!), I have to laugh. A Boston-area radio host likes to do a show on "standing heads", which are basically reuseable headlines for newspapers which can always be trotted out for a story which tends to repeat itself in basic form regularly. Two "standing heads":
Cutting Edge Software Company Announces New Web Service: Webbermater Plus!
Few weeks or months later:
Webbermater Plus Hacked, Thousands of Customers Affected
Oh well, venting done. I know good advice would be to stop using Hotmail but it has its value for throwaway email accounts and I'm probably reacting more to my personal sense of outrage at hack attempts being made daily against one of my accounts than due to any worry that I'd lose anything of consequence.
Microsoft does allow turning on "two-step" log-in, requiring obtaining a passcode sent to a smart phone in order to log-in. Guess this would be their response to any complaints of my kind here.
But it's sooooo inconvenient! LOLOL
Last edited:
