Unified Communications Industry News

TMCNet:  Windows 8 Sync Settings - Security Hole

[February 15, 2013]

Originally posted on VoIP & Gadgets Blog, here: http://blog.tmcnet.com/blog/tom-keating/microsoft/windows-8-sync-settings---security-hole.asp.

Windows 8 has a cool new feature that lets you log in with your cloud-based Microsoft account (@hotmail.com, @live.com, @outlook.com) and it will synchronize your settings between Windows 8 PCs, but with a "security catch". We'll get into that in a moment. First, here's a list of features and settings that you can sync:

  • Personalize - Colors, background, lock screen, and your account picture
  • Desktop personalization - Themes, taskbar, high contrast, and more
  • Passwords - sign-in info for some apps, websites, networks, and HomeGroup
  • Ease of Access - Settings for Narrator, Magnifier, and more
  • Language preferences - Keyboards, other input methods, display language, and more
  • App settings - Certain settings in your apps, but not all
  • Browser settings - Internet Explorer history and bookmarks/favorites
  • Other Windows settings - Windows Explorer, mouse settings, and more
  • Sign-in info - For some apps, websites, networks, and HomeGroup

Looking at this list, you'd probably be just as excited as me. If you have a Windows 8 tablet and a Windows 8 PC, now you can easily view the recent websites you viewed in either due to the "shared" History. That feature has already come in handy for me several times. I also like how I can have a picture of my family, dog, or my favorite picture on the lockscreen of all my devices. I set it on one device and it automatically syncs it to the others. Easy peasy!

But here's the problem. You must use a Microsoft cloud-based account for sync settings to work and you cannot use a local account. Why is this bad? Well, suppose Hotmail gets hacked and the hackers gain access to your Microsoft account credentials. Now, not only can they access your email, but they can Remote Desktop to your home PC and access every photo, every video, every confidential financial file - everything. Your entire digital life is laid bare.

Now you could argue that the hackers would have to know your IP address in order to login (via Remote Desktop) using your stolen Microsoft account credentials. Fair enough. But who's to say Microsoft doesn't store the last IP address used when you logged in? Let's go a bit deeper. What's to stop a Microsoft employee from logging into your home PC and seeing you have a pirated copy of Microsoft Office along with thousands of pirated movies? What's to stop a Microsoft employee from logging into their ex-boyfriend's/ex-girlfriend's PC for nefarious purposes?

The only workarounds to this major "potential" security hole are:
  • Disable Remote Desktop (not feasible for many users, since it's so useful)
  • Change the default port for Remote Desktop from 3389, though this will only slow a determined hacker or Microsoft employee
  • Switch to VNC remote desktop sharing program (& disable Remote Desktop)
  • Switch to a local account (Unfortunately, you lose the benefits of 'synching' across your Windows 8 devices)
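
The settings these workarounds change can be read back to confirm what a given PC actually exposes. The PowerShell below is an added example, not part of the original post; it only reads state, and it assumes Windows PowerShell 5.1 or later for Get-LocalGroupMember and its PrincipalSource property.

```powershell
# Added example, not from the original post. Read-only.
# Assumes Windows PowerShell 5.1+ (Get-LocalGroupMember, PrincipalSource).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$rdp  = Get-ItemProperty -Path $tcp

# fDenyTSConnections: 0 = Remote Desktop on, 1 = off (the "disable" workaround).
'RDP enabled : {0}' -f ($deny -eq 0)
# PortNumber: 3389 unless changed (the "change the port" workaround).
'RDP port    : {0}' -f $rdp.PortNumber
# UserAuthentication: 1 = Network Level Authentication required.
'NLA required: {0}' -f ($rdp.UserAuthentication -eq 1)

# Accounts allowed to sign in over RDP by default: members of
# Administrators (S-1-5-32-544) and Remote Desktop Users (S-1-5-32-555).
$members = foreach ($sid in 'S-1-5-32-544', 'S-1-5-32-555') {
    try {
        Get-LocalGroupMember -SID $sid -ErrorAction Stop |
            Select-Object @{ n = 'GroupSid'; e = { $sid } }, Name, ObjectClass,
                          PrincipalSource
    } catch {
        Write-Warning "Could not list members of ${sid}: $_"
    }
}
$members | Format-Table -AutoSize | Out-String

# Flag the combination the post describes: RDP reachable with a cloud credential.
$cloud = @($members | Where-Object { $_.PrincipalSource -eq 'MicrosoftAccount' })
if ($deny -eq 0 -and $cloud.Count -gt 0) {
    Write-Warning ('RDP is on and {0} Microsoft account(s) can use it: {1}' -f
        $cloud.Count, (($cloud.Name | Sort-Object -Unique) -join ', '))
}
```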

Now here is where it gets interesting. I have two Windows 8 PCs joined to a corporate domain, one Windows 8 tablet joined to a corporate domain, and one home Windows 8 PC not part of a domain. For all of my domain-joined Windows 8 PCs (& tablet), I am not required to use a Microsoft hotmail.com/live.com/outlook.com account. I can simply "link" my domain account with my Microsoft account, but continue to use my domain credentials to authenticate / log in to my PC either locally or via Remote Desktop when remote. Here's a screenshot showing how my domain account can be linked with my Microsoft hotmail account (blurred for privacy):

Continue reading Windows 8 Sync Settings - Security Hole...
