After the disaster of blocking .info domains a couple of weeks ago and the attention it got, Microsoft have released a statement justifying their reasons behind the controversial security method:
In order to prevent the spread of a malicious advertising effort that included Windows Live Messenger accounts as targets, Microsoft took steps to block instant messages that include the words '.info' and a few additional key words to protect our customers. The targeted accounts were sent either info or another URL, which led to a website asking them to provide their Windows Live user id and password. If the customer provided that information, the user's complete contact list also received a message with the domain site link. This was not a Microsoft sponsored effort, and in order to prevent the spread of it through our service, instant messages that include the words '.info' and a few additional key words have been blocked. This action may block some safe, reputable sites and we apologize for any inconvenience this may cause our customers, however, given the circumstances this action was necessary. In an effort to remedy this moving forward, Microsoft continues to investigate other ways to protect our consumers from this threat.
Microsoft recommends that Windows Live Messenger users do not provide their account information to third-party sites. To learn more about how to recognize a social engineering threat, more information is available at http://www.microsoft.com/athome/security/email/socialengineering.mspx. In addition, Microsoft continues to encourage people to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Microsoft recommends that Windows Live Messenger users do not provide their account information to third-party sites. To learn more about how to recognize a social engineering threat, more information is available at http://www.microsoft.com/athome/security/email/socialengineering.mspx. In addition, Microsoft continues to encourage people to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Personally, despite the reasons behind the block still not valid in my opinion, the sloppiness of the feature has been changed so not every message with '.info' within it is blocked. Now '.info' is only blocked in things that Messenger recognises as URLs and turns into clickable, blue links. The user will also be notified that their message never went through, but they will not receive an explanation why.
Any virus creator can just encode the URL or use services such as TinyURL to work around this. The people losing out are me and you, who need to send non-dangerous messages to our friends and work colleagues every day.
I still believe things should be blocked on a case by case basis (if not blocked at all). The feature is still poorly implemented, but after the attention of the past week hopefully something will be done soon.
For me it wasn't that much of an annoyance, I've been receiving a swarm on hits since all this was revealed, maybe I should stop complaining?
>> Source: mess.be
|
|
Did you like this news post?
You can get all the latest articles at msgstuff.com in your email inbox each morning by entering your email address below.
Your address will only be used for mailing you the articles, and each one will include a link so you can unsubscribe at any time.
If you have an RSS reader, I recommend you subscribe to the Full RSS Feed
|
Comments:
Add Comment: