krish – 起死回生 [Wake up from death & return to life.]

February 14, 2012

Microsoft Store India hack

Just about 48 hours ago, news went viral about the latest assault on Microsoft’s India store website.

As the ‘EvilShadow Team’ probably flex their legs and people, blogs, news guys boo-haa MS for being so naive about storing passwords in plain text, I was thinking ‘wait-a-sec, MS has been through the plain text mistake earlier too.. were they really so careless?’

I try to visit microsoftstore.co.in and get greeted by a message like this:

[Image: microsoftstore.co.in]

Notice how it says ‘Microsoft is working on it’ rather than saying ‘We are..’
And bingo, that reminds me that the store and website are not operated by Microsoft but by ‘Quasar Media’!

How do I know?
I remember applying ‘social engineering’ on their customer support while reasoning why prices of Xbox accessories were different on ‘http://www.xbox.com/en-IN’ vs ‘microsoftstore.co.in’ .. I got more insider details too but it isn’t relevant in this post.

Clearly, it was an outsourced operation and ‘Quasar Media’ has been loose about their security. I’m sure the top brass is getting a scream from MS.

What should you be doing?
If you do have a microsoftstore.co.in login (or should I say ‘if you did’ – past-tense), and if it is important to you (not the id, but the other creamy information you’ve given along with signup), then please go now and change your password (obviously, when the site is up).

I do not remember having a store id, although the first thing I did when I heard this news was to change my XBL password, just in case it was an SSO.
Does anyone remember if the store login was an SSO? If it was, you better get on with changing any of your MS/related service passwords…. live.com, msn, XBL, azure? to name a few.

I did too, but /me thinks it was not an SSO. If it was, then it would be a more serious shit and Microsoft would have been calling up their media friends by now.

And finally, a word of advice: Do not allow your browser to save the password of any site where you’ll use your credit card/banking information.. this includes netbanking logins, movie ticket sites, online stores such as microsoftstore.co.in :), XBL. p’uh’lease do not use the same passwords for your email id and other websites.
I’m sure most of these guys have: (thanks to engadget.com for this image)

Aiyeeeee!
