On Identity Protection

Alex Weinert has written a very informative post on How we protect AzureAD and Microsoft account from leaked usernames and passwords. There are many interesting bits in there.


On Microsoft account notifications and the activity history page

Some time ago, I wrote a post that announced the availability of the account activity history page (which I will call for short “activity page”). Today I want to discuss the use of the activity page in relation to the notification messages we send for security challenges issued by our compromise detection algorithms. Security challenges are actually triggered in two situations: when we regularly…


Microsoft account activity history feature is now online!

I am breaking silence after a long pause. I have not had much information to share here as I have mostly worked on infrastructure services with no customer facing surface. Since 2011, I have been working in Microsoft account, the authentication service that powers most of Microsoft’s services. Today we rolled out a new security…


South Korea’s worst online security breach (so far)

Long time, no posting, but here is a security related news article that drew my attention: http://www.bernama.com.my/bernama/v5/newsworld.php?id=607450 A security breach at one of South Korea’s top Web portals basically led to the loss of personal data of 35 million people. Why was the data collected? To enforce a real name policy instituted by the government…


SQL Server 2005: Execution Context

This post is based on an old presentation I gave several years back. A video of the presentation used to be available here, but today I couldn’t get it to work, so I am attempting to make available most of the information from the presentation within this post. Keep in mind that the demo associated with…


Danah Boyd’s recent privacy talks

I became aware of Danah Boyd’s research a few years ago when I somehow stumbled over one of her papers discussing social networking sites. Since that time Danah Boyd has joined MSR and more recently she gave a couple of interesting talks about privacy at SXSW and at Microsoft TechFest. The transcripts of these talks can be…


Privacy and search engines

It is no secret that search engines keep track of searches made. Any website logs accesses and most websites track your activity via cookies for reasons involving both your benefit and that of the site you’re accessing. You may be surprised to find out that even video players used for online videos come with their own…


Finding information about which account xp_cmdshell is running as

If you ever needed to debug a permission related issue when using xp_cmdshell, you have probably realized that a crucial piece of information is about what particular account xp_cmdshell is executing under. If you are the administrator of the database, you already know the context used by xp_cmdshell, but otherwise you may not have that…


bing adds twitter integration

See it work at: http://www.bing.com/twitter.  [UPDATE 10/22/2009]: Reactions: http://googleblog.blogspot.com/2009/10/rt-google-tweets-and-updates-and-search.htmlhttp://www.businessinsider.com/henry-blodget-well-what-do-you-know-google-is-actually-nervous-about-microsoft-bing-2009-10