Author Topic: Microsoft wont let me in my email anymore  (Read 998 times)

0 Members and 1 Guest are viewing this topic.

Offline evb149

  • Super Contributor
  • ***
  • Posts: 1654
  • Country: us
Re: Microsoft wont let me in my email anymore
« Reply #25 on: April 23, 2018, 02:25:41 am »
As far as linux goes, well, it isn't perfect (nothing is), and it would be an oversimplification to say that it eliminates the problems of getting your system infected by malware at the drop of the hat.
But to a very good approximation (i.e. is is much more true than not) it is really true that it offers you those protections as close to reliably as almost anything else can and certainly better than MS Windows!

For many years you do have available things like mandadory access control systems like SELinux as free upgrades to LINUX, there are a few variants of that sort of scheme and several implementations / extensions to actually configure and use it by default (in some ways whether limited or not) in various user oriented distributions.
https://en.wikipedia.org/wiki/AppArmor
https://en.wikipedia.org/wiki/Security-Enhanced_Linux

Even the ordinary security systems like the basic unix permissions system and the ordinary login / password based security isn't bad.  It isn't perfect but it is by no means "nothing".  It also for many years has been able to use techniques like ASLR and data execution protection:
https://en.wikipedia.org/wiki/Address_space_layout_randomization

Also it is a matter of the 'ecosystem'.  Have you not read articles that stated how prevalent malware is in Android apps or also many MS Windows downloads?  Where a high percentage of inexpensive paid and free apps are malware right from the start?  And then look at the statistics for critical insecurities even in many of the most prevalent and most major apps for MS Windows.  The crapware Adobe makes like Reader or Flash stand out as prominent examples.  Almost a monthly never ending circus of critical vulnerabilities that were actively exploited for... decades.  Literally.  MS Office crap and their joke browsers et. al. not much better.

Then again look at LINUX.  Yes, not perfect, yes, it does from time to time have critical vulnerabilities in the OS or core GNU components or the applications.  But compared to MS Windows?  Please.  No comparison.  As the fellow said above UNIX stuff has in some large part originally been made by engineers for engineers.  Many of those authoring engineers actually having deep philosophical mistrust for the insecurity and unpleasantness of MS Windows software.  So they made ALTERNATIVES to Adobe Flash, internet explorer, Sun/Oracle JAVA, Adobe reader, MS Office, codecs, movie players, audio players, etc. etc.  Yes typically such "linux app software" has had a lot worse record of vulnerabilities than the "core UNIX OS" components.  But overall over the past couple of decades you just don't see anything like the rate and severity of critical vulnerabilities in the UNIX apps than the MS Windows ones.  Again, look at the track record for Adobe Flash and Adobe Acrobat Reader and MS Word.  Non stop disaster multiple times per year always some new critical problem.  And that's SW that is put out by multi-billion dollars valuation companies with teams of hundreds of professional programmers.  The UNIX alternatives put out usually by 1-20 core amateurs working as a hobby unpaid more likely than not.
And the UNIX versions usually worked better and were more secure.

UNIX "always" has given you plenty of good and generally free solutions for important things like:
* Authentication security (e.g. PAM)
* User security (it actually is a proper multi-user system with encouragement to have all services and system functions partitions into totally different logins each with only the access it requires to other programs and the system resources).
* Extensive logging / auditing (syslog, etc.).
* Excellent backup and data integrity protection / verification tools.
* Filesystems that don't completely suck. :)
* Excellent update / package management options in most common distrubutions.
* Excellent transparency (open source, open development processes) / community auditability etc.
* Network security (all kinds of things like IPSEC, SSH etc.)
* Industrial strength network / system monitoring and intrusion detection tools.
* Fully user controllable system "attack surface" to the point where you can easily strip a system down until it does one thing and only that one thing all the way up to having any subset of any given services / applications you want enabled and nothing you don't want.
* Extended domain isolation solutions (containers, VMs, chroots, jails, ...)
* Industrial strength network routing and firewalling built in to almost the most basic installations (IPTABLES, et. al.)

Ultimately though if the USER is in CONTROL of the SYSTEM then it is a losing game.  If someone is stupid enough to "just click ok to anything", "believe anything"  then of course in short time they can be convinced to self-install malware because some web site promised them a funny joke or dancing monkey or cute cat video or free game or something.

But assuming some basic IT sensibility and literacy is required to have the competence to administer ANY computer with a bit of wisdom, UNIX gives you all the tools you need to have anywhere from industrial strength security to a "totally open" unsecured PC, your choice.

The difference with MS windows is that:
A: You DON'T (to a good approximation) have the tools to configure / control / administer your own system even if you had the knowledge and will to do so.  Yeah maybe if you're running windows enterprise server they give you more of that.  But look at what they nerfed in the home editions of the OS in Win7 and above vs. the Server/Enterprise ones.  You don't even HAVE administrative control over most things.

B: The base distribution is for the most part (Win7 and above, particularly Win8/10) is pre-infected with spyware/malware that you don't control.

C: You can't meaningfully strip unwanted attack surface out of the system beyond a certain point.

D: The crapware Microsoft and others publish for the OS is often just that, crapware that is too dangerous and actively user hostile to trust.  Again, Flash, Reader, etc. etc. long history.

E: They actively limit you from having access to good open software alternatives in applications on these increasingly "walled garden" user lock in platforms.

F: At the end of the day it is not a "multi user" (as in simultaneous) system and inherently is an expensive system to deploy.  On LINUX you can pay $35 or whatever, buy a Raspberry PI, and you have a *dedicated* LINUX machine.  Maybe you use it to do all your banking or whatever is secure as a physically air gapped distinct computer from your "ordinary PC" you use to play video games or whatever.  Or maybe you just spin up some different purpose VMs for such partititioning of secure vs insecure use activities.  You can't cheaply do that using MS Windows both because of the system requirements and the OS licensing and administration setup doesn't make it practical.  LINUX option makes it easier and cheaper not to put all your eggs in one basket.

G: The filesystem and backup utilities are beyond a useless joke in MS Windows.  Now for $100 cost you can buy a simple hard drive that gives you capacity to store more information than is contained in a large sized library worth of books.  Enough room almost to store your entire life time's of records and information on except for high quality videos.  A key part of protecting your information security is making sure it remains accessible to you with integrity.  But you CANNOT do that at TByte scale on MS Windows.  Full stop.  You don't have the management, administration, organization, access, access control, backup, filesystem and other tools to even begin to do so sanely and scalably.  Although UNIX isn't perfect in these regards, again, it is the thing that is being used in places like libraries, data centers, et. al. for these purposes.  Anything less is just a toy.

So yeah no matter what OS you run (with only a few exceptions you would not use) it isn't going to MAKE you secure unless you obey the computer not the computer obeying you.  But LINUX givex you enough tools and choices to "easily" (by sysadmin standards) have industrial strength reliability / security.
If you choose not to do so you are only shooting yourself in the foot by ignorance or laziness.

In a meaningful way you don't even have the OPTION to achieve that level of security with MS Windows unless again you're some expert sysadmin running enterprise server cluster or something.  Not even possible with "home edition".

Interesting thread.

Linux won't give you "any more security". Not unless you've configured SELinux properly, which you probably haven't. For example if there is a buffer overrun in Firefox then it can escalate quite happily to run execve() and piss all over your user account unless it's in an SELinux context which allows access to only the files and network sockets that Firefox needs to run. Once your user account is compromised then it's game over either way as that's where your data lives which is the highest protection priority on the system. The main reason to run Linux is "functional idempotency" which means every time you get it to do something it does the same thing, and does it pretty damn quickly, unlike certain monolithic lumps of poo from Redmond. Oh and it's free.

Really:

1. Use linux but don't assume it's any better for your security, mainly just your sanity and productivity. Most of the attack vectors are still there but just not exploited routinely.
2. User diligence is more important than safety nets.
3. Make sure you can move everything you have off the cloud in a snap if you have to.
 

Offline Stefan Payne

  • Contributor
  • Posts: 18
  • Country: de
Re: Microsoft wont let me in my email anymore
« Reply #26 on: April 23, 2018, 01:58:31 pm »
None of this would happen when using Linux, because:

 - The normal user account is not a privileged account, no programs are installed without your consent and even with your consent is difficult  :-DD.
 - Reduced attack surface due to better security architecture and not the least because the Linux distributions are fragmented and isn't worth building personalized exploits.
 - No Adobe Reader anymore (big win), rarely the flash works.

So, in my experience I've never ever heard of some Linux desktop remote exploit, browser hijacking and similar stuff, of course the human factor will still click links in the mails and go to PäyPal.com, but this unavoidable.
1. Same with Windows. If something wants Admin Privileges, Windows asks you if it is OK, well if you didn't disable this and this is standard since 2006 or so, Vista
2. So you're saying that its less vulnerable to attacks because nobody uses Linux...
But that Argument is Bullshit since Linux goes down to some single points of failure, the Kernel, systemD and other Libarys that most distributions use. The biggest differences between those is the Package Manager, not the Libarys.
3. Since Windows 10 nobody uses that no more, Windows has its own tools for PDF files and even can print PDF files.

So in the End you are just flaming Windows for no reasons, because you believe in Linux...

I like new things and tried Linux many times and its not as awesome as some Linux Fans make it out to be. And if they would be honest, it would help more people converse to Linux  than telling people its the best there will ever be.

And to be blunt:
The Strongpoint of Linux is its modularity. If you really know what you are doing, you can build a Linux that's really well suited for whatever you are going to do with it.

As a Desktop OS, Linux is a Pile of Shit, because the Window Managers are so ancient, badly imitate mac OSX (Gnome, rotate the Apple Dock by 90° Clockwise...) while not beeing that user friendly at all.
And KDE for example doesn't even support streaming from Windows Shares.

So no, Linux at a Desktop OS is not a good idea. Especially if someone isn't interested in Command Line Stuff.
Because that's still needed today.


Sorry, but for Endusers, there are just two possibilitys right now:
Windows
MacOSX

Both are viable options. Linux is not really. Most of the Window Maneger Things are at a Level of Windows Vista at most, many even Windows 95. Or worse.
I think it was in the Linux Mint 18.2 or so Changelog where they mentioned that Mate is now able to put the Startbar to the left or right side. Yeah, Windows 95 already could do that...


Anyway, back to topic:
That sounds phishy....
Don't give them your Credit Card information!
 
The following users thanked this post: mikerj

Offline bd139

  • Super Contributor
  • ***
  • Posts: 3871
  • Country: gb
Re: Microsoft wont let me in my email anymore
« Reply #27 on: April 23, 2018, 04:34:54 pm »
I’m using xfce. That seems fine. I agree that most of the desktops are shit though.
 

Offline JanJansen

  • Frequent Contributor
  • **
  • Posts: 315
  • Country: nl
Re: Microsoft wont let me in my email anymore
« Reply #28 on: April 24, 2018, 12:53:39 am »
To be affected by it, you have to be a minor or you have lied.

I always go for the oldest age available,
at the moment you can choose up to 1 januari 1905.
Maybe when i registered this email i selected year 1900 ?
My ±100€ lab : old scope, peaktech 6225a, aneng 8008
 

Offline ebastler

  • Super Contributor
  • ***
  • Posts: 1534
  • Country: de
Re: Microsoft wont let me in my email anymore
« Reply #29 on: April 24, 2018, 02:56:02 am »
I always go for the oldest age available,
at the moment you can choose up to 1 januari 1905.
Maybe when i registered this email i selected year 1900 ?

That would explain why Microsoft has disabled your email.
Their algorithms have determined that you must be dead by now.  ::)
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 7651
Re: Microsoft wont let me in my email anymore
« Reply #30 on: April 24, 2018, 07:03:01 pm »
I always go for the oldest age available,
at the moment you can choose up to 1 januari 1905.
Maybe when i registered this email i selected year 1900 ?

That would explain why Microsoft has disabled your email.
Their algorithms have determined that you must be dead by now.  ::)

Was it two days ago? That's when the only remaining person from the 19th century died:

https://bnonews.com/site/index.php/2018/04/oldest-living-person-nabi-tajima-dead-at-117/

If so, you have to admire Microsoft's diligence in patching security holes.


« Last Edit: April 24, 2018, 09:25:03 pm by Fungus »
 

Offline mikerj

  • Super Contributor
  • ***
  • Posts: 1520
  • Country: gb
Re: Microsoft wont let me in my email anymore
« Reply #31 on: April 24, 2018, 09:31:50 pm »
I'm not a Linux user so I hope you can explain how using Linux on your own PC prevents theft of your personal information from third party servers?

Well, usually it goes like this:

You surf some legitimate sites and got hit by a drive by Javascript injection attack via some ad, don't need to go to shaddy sites anymore nowadays,

I use a script blocker.

eventually open a PDF file for an old part, found somewhere on on the net from a Chinese site and you AdobeReader is not patched or is a zero-day exploit. The payload is downloaded, launched and take fully the control of your PC, in a very intrusive mode,  may say.
Now your PC is on of the millions of windows remote controlled PCs.

I don't use any Adobe products.

First the newly joined machine is searched for any information that may prove useful to the bootnet masters, do you have security clearance, do work for a government agency or important company, if not you can still mine some coins and do some DDOS attacks, also if you do your banking your account details and passwords are most welcome.

None of this ?

Don't worry, we'll do a browser hijack, and instead of outlook.com now your saved email page goes to cracker.com phising page and if you give the CC details, score !!!

I don't use web email, so it would have to be an email client hijack.

None of this would happen when using Linux, because:

 - The normal user account is not a privileged account, no programs are installed without your consent and even with your consent is difficult  :-DD.
 - Reduced attack surface due to better security architecture and not the least because the Linux distributions are fragmented and isn't worth building personalized exploits.
 - No Adobe Reader anymore (big win), rarely the flash works.

So, in my experience I've never ever heard of some Linux desktop remote exploit, browser hijacking and similar stuff, of course the human factor will still click links in the mails and go to PäyPal.com, but this unavoidable.

 Do you want to know more ?  ::)

 DC1MC
 

Yes, I would like you to answer my original question, rather than trying to divert the issue.

If a hacker compromises a third party server holding personal data (as happens quite frequently), how will running Linux on my desktop/laptop prevent the hacker gaining access to my data?  For instance, back in 2013 when Yahoo had around 1 billion user accounts compromised, were all the users running Linux protected?
 

Offline MT

  • Frequent Contributor
  • **
  • Posts: 639
  • Country: fo
Re: Microsoft wont let me in my email anymore
« Reply #32 on: April 24, 2018, 10:25:22 pm »
If you can’t access your email account, get information on how to recover your hacked account.
I dont know what to do, any advice for me ?, i am a emailless person now.
thanks

https://protonmail.com/

The only third part hacker today is the conglomerate of CIA, NSA, DOD,IRS, FBI.
« Last Edit: April 24, 2018, 10:49:44 pm by MT »
 

Offline metrologist

  • Super Contributor
  • ***
  • Posts: 1130
  • Country: 00
Re: Microsoft wont let me in my email anymore
« Reply #33 on: Yesterday at 12:12:27 am »
Just a little offtopic wow: Are people (parents) these days so stupid and naive, to make their children email (or whatever else) accounts, at the big boys companies? Or to use cloud for your personal data? Just pure wow... I never thought that there is so many naive people these days. But as less and less people understand the basics of IT, it kind of makes sense (and profit for the big boys).

Kind of sad.

People? Yes. Not all parents. Around here at 6th grade, the kids all get chrome books or ipads, and fresh accounts for them. Schools are also using sites like shutterfly to host daily in-class photo-ops and extracurricular activities. More free website services are engaged more and more for these kids. They all soon get cell phones with unlimited text and photo messaging and gobs of data to freely surf all the most bestest sites online...

I see, the best way to protect privacy is for more and more large conglomerates to request more and more of your personal info.  :palm:
 

Offline JanJansen

  • Frequent Contributor
  • **
  • Posts: 315
  • Country: nl
Re: Microsoft wont let me in my email anymore
« Reply #34 on: Yesterday at 01:33:56 am »
Was it two days ago? That's when the only remaining person from the 19th century died:

https://bnonews.com/site/index.php/2018/04/oldest-living-person-nabi-tajima-dead-at-117/

If so, you have to admire Microsoft's diligence in patching security holes.

Thats right then, very funny.
Artificial intelligence dont likes humans.

My ±100€ lab : old scope, peaktech 6225a, aneng 8008
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf