MS Warning & Password Monitoring

8467359093?profile=RESIZE_400xThe president of Microsoft, Brad Smith, provided a warning of increasing cyber-threats to society as technology plays a more powerful role in our lives.  This warning delivered during his recent talk at the Consumer Electronics Show (CES) 2021.  Smith delineated the potential enormous benefits and advancements that technologies offer, including in areas like; sustainability, the cyber-threats being faced are correspondingly becoming increasingly concerning. “As computers create all this promise, there are new perils arising as well,” Smith said. 

Smith explained the time when cybersecurity first came into focus at a governmental level.  This was in 1983 when the then US president watched the movie War Games, which involved a hacker who almost started a World War after gaining access to a US military ‘supercomputer.’  Worries that a similar cyber scenario may occur in real life, the first US national security computer directive was created.[1]

Smith believes a similar proactive approach needs to be taken now, saying, “It’s a powerful reminder that we constantly need to keep learning, we constantly need to keep imagining what comes next.”

2020 has underlined the enormous dangers that critical infrastructure and services now face from cyber-attacks.  Very recently, the SolarWinds attacks, allegedly conducted by Russian state-sponsored threat actors, is something of a ‘game-changer’ in the view of Smith.  “This wasn’t a case of one nation simply trying to spy on or hack its way into a computer network of another.  It was a mass, indiscriminate assault on the technology supply chain that all of us are responsible for protecting,” he explained.  Therefore, it is critical that a set of international rules and policies are needed to show what is and is not acceptable in the cyber-sphere just as there is for the 1980’s conventional warfare.  Smith believes the cybersecurity industry has a key role to play in the development of this path forward.  “We need to come together as an industry and use our collective ways to say to every government around the world that this kind of supply chain disruption is not something that any government or any company should be allowed to pursue,” Smith emphasized. 

Smith also said that the SolarWinds incident highlights that everyone needs to work together much more closely going forward to detect threats such as this early, especially in data sharing.  He stressed that it was a “powerful reminder that threat intelligence and data, about cyber-attacks, really exists in so many silos today,” adding that it is “clear that the only way to protect the future is to understand the threats of the present and that requires us to share data in new ways.”  Smith additionally warned of dangers in getting too carried away with artificial intelligence (AI) technology, and “surrendering control” of computers, something that was a big theme in War Games.  While AI has the potential to deliver great things, “we have to think about the new guardrails we need to create so that humanity remains in control of our technology.”  His examples included facial recognition technology and machine learning tools, which can offer much more convenience to people, but also threaten fundamental rights such as privacy and even lead to bias and discrimination.

Smith concluded his talk on a positive note, saying such challenges can be addressed through global collaboration.  “If we come together and do work well, it can be a road that leads to a brighter future,” Smith added.

8467360078?profile=RESIZE_400xPassword Monitor

This past week, Microsoft reported it is adding a new Edge feature that will be familiar to Chrome and select other browser users: an alert when your password is compromised.  The feature is called Password Monitor.  The security feature is designed to alert users when their password has been discovered as the result of a third-party breach, such as from an old forum you used to post on that was later compromised.

According to Microsoft, Edge’s new Password Monitor will not reveal your password to Microsoft as part of the alert.  No one they say, including third parties, will be made aware of the passwords the user enters.  This is made possible, according to the company, using innovations from its Microsoft Research division. 

Checking for leaked passwords is a way to ensure you do not continue using one that has been compromised.  This sort of security issue usually happens when you have previously used the password with a service that experienced a data breach, resulting in user information being leaked on the dark web or other corners of the Internet.[2]   When the browser detects that your password has been compromised in this way, it will issue a warning when you enter the password, letting you know that it is time to change it in order to keep your accounts secure.  A similar feature is also available on Google’s Chrome browser.

There are other tools also available to determine whether your log-in credentials have been compromised at some point.  The most popular option is ‘Have I Been Pwned?’

Red Sky Alliance is   a   Cyber   Threat   Analysis   and   Intelligence Service organization.   For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com  

Weekly Cyber Intelligence Briefings: https://attendee.gotowebinar.com/register/8782169210544615949 

[1] https://www.infosecurity-magazine.com/news/microsoft-president-collaboration/

[2] https://www.slashgear.com/microsoft-edge-is-the-latest-browser-to-get-leaked-passwords-warning-21656249/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!