Microsoft Account Gets More Secure with Two Factor Authorization

ICYMI, your Microsoft Account will get more secure as the team rolls out a new upgrade which includes two-step verification, as noted on the Bing newswire. This will improve the security of the devices and services currently used by more than 700 million people worldwide, including Windows PCs, Phones, Xboxes, and services like, SkyDrive and Skype.

Microsoft has increasingly focused on delivering connected devices and services that are currently used by more than 700 million people around the world. A Microsoft account is the key that unlocks your experience across these products—from your Windows PC to your Windows Phone, from Xbox to, from SkyDrive and Skype to Office and much more.

Given this critical role for Microsoft account, we remain vigilant in working hard to protect your account, which is why we’re adding an option so you can enable two-step verification to further protect yourself. You should see this option show up in your account in the next few days. You can enable this capability at

Two-step verification is when we ask you for two pieces of information anytime you access your account — for example, your password plus a code sent to a phone or email on file as security info.

More than a year ago, we began bringing two-step verification for certain critical activities, like editing credit cards and subscriptions at and, or accessing files on another one of your computers through For these scenarios, two-step verification is required 100 percent of the time for everyone, given the sensitive nature of these tasks.

Read more from Eric at the link above.


Whatever the case: Be prepared

So, this post has nothing to do with our technology, but as any IT Pro knows, you have to be prepared for just about anything.

If you're ready for a zombie apocalypse, then you're ready for any emergency.

From time to time, I offer other advice that will hopefully ring true, and I think that this is such a case.

Following the recent events in New Zealand and Japan, I thought to take steps to check on our own emergency preparations at home. I clearly remember living through the San Francisco earthquake in 1989, and more recently the extreme cold and windstorm of December 2006 that cut off power to our own neighbourhood for nearly two weeks. I was also happy to see a recent post (with some humour) from the CDC posted here (and supported at right) sharing a few tips about preparing for real emergencies in addition to educating people on just what is a zombie apocalypse.

Shortly after the Japan earthquake on March 11, 2011, a mutual friend’s daughter who lives in Tokyo sent this email to her family, summarizing her experience. I asked and they agreed to share this first-hand information about what she could have done to be better prepared. It really brings the experience closer to home, and should taken seriously by anyone who lives in areas where earthquakes are likely to happen. (Of interest is the following link: As the quake wasn’t over when the first shaking stopped, all recovery activities had to take place in an environment of powerful aftershocks.)

Dear Mum,

I had bottled water and batteries but I wish I had stocked way more. The stocks in the stores disappeared in a flash and even two weeks down the track the small batteries trickle in but the two bigger sizes are still scarcer than hen’s teeth even in Osaka which is way, way away from any "affected" area. I will be on the lookout for poly bags to fill with water. Outside, with radiation floating about buckets are no chop (and inside, water sloshes out when there is a decent aftershock). I use those plastic PET bottles and I have a big camp water tank but they take up so much space when not in use. Water, water, water – to drink, and to wash dishes, self

I wish I had had a hard hat for everyone. I got bonked on the head by falling decorations. I was glad of shoes as there was broken glass everywhere. I had cotton gardening gloves but I wish I had thought to buy sturdier working ones.

Had solar recharger and batteries to recharge the mobile phones without electricity. As it turned out in the initial few days, the mobile phone network was so jammed up you couldn’t use them anyway. 

I had candles but frankly felt they were dangerous with aftershocks continuing and possible gas leaks. Didn’t think of that. The tall thin ones were useless – better were the short very fat ones – I had citronella ones in small metal buckets that we used camping to deter bugs. Very stable – nice smell to boot.

I will have more cash tucked away the next time. Hard to get to the bank/worst hot areas banks not working anyway. This time we were okay but if we had been in a harder hit area I would have been caught short I suspect.

I was glad of the canned food for the dog. She normally eats raw meat but I couldn’t get any for days!

Entertainment like cards! Whiling away the time … more of a problem than I think anyone anticipated – especially for kids stuck in an evacuation center or in Tokyo during a blackout without TV etc. Kids terrified so a good distraction too.

You never know the timing. I would have been sunk if I was at work. Flat shoes in case you have to walk home – a long, long way! In Tokyo, many people hadn’t a clue HOW to get home on foot. Family needs to have a plan – where to meet, a strategy to establish contact – in case not at home or all together. I am thinking of having some chocolate and a small bottle of water in my handbag. One of the most difficult things for me was having to leave Aimee and the dog home alone when we were still having terrible aftershocks in order to get obaasan and Elissa from where they were. I will talking to the neighbors to see if we can cooperate if there is a next time.

Things the evacuated people in the worst hit areas want more of:

Sanitary napkins and disposable nappies

Little toothpastes and toothbrushes (it is apparently bearable not to have a bath but horrible not to be able to brush your teeth! I would never have thought of that.)

Shampoo that doesn’t require water.

Loo paper – runs out quick (unless you are happy with leaves) and old telephone books/ newspaper may not be available

Medicines – non-prescription (pain relief, diarrhea (sp??) and MORE IMPT A LIST OF NAMES OF PRESCRIBED MEDICINES. Apparently a lot of the oldies have no idea what they were taking and their supplies got washed away, causing a real headache not to mention dangerous situation with people having to go cold turkey. Antiseptic wipes – little water to wash hands properly and bugs like flu/norovirus are spreading like wildfire.

Key points:

Being able to keep warm, see (light) and eat (everyone craved a hot meal but all emergency meals were cold)

A bible – great reading (history/adventure/murder -mystery/poetry etc. all in one) plus GREAT comfort. 

Had rucksacks but not applicable this time. Even in Tohoku – few people had time to get their bag. For us in Tokyo a bit further away – all supplies in a readily-available place – together – not scattered about – that EVERYONE knows about! Photocopies of important documents – passbooks, passports, insurance held preferably at a different place!

Can’t think of anything else right now….


A recent article on the events unfolding in Japan in the Seattle Times included a disaster preparedness checklist (available here online that you can print out at home) that outlines the basis you may want to have on hand in case of an emergency. As noted in the article on a Seattle Childrens’ pediatrician blog, there’s good information that will help prepare you and your family for disasters and emergencies, with lists of what to have on hand in your home. Additional information is available from the King Country Red Cross site and from the City of Seattle’s Preparedness site.

Of course, this is all a lot of information to take in. There are likely some great community programmes to leverage in your own area. Look for them in your own neighborhoods or your local emergency management office.

And be prepared.

(This will be a good segway to my next email on the upcoming situation we expect to occur in Russia. But, if you’re a regular reader, you already know about this issue.)

Delicious Bookmark this on Delicious Bookmark and Share

Posted at


Announcement: Microsoft Security Advisory 2490606: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

This just published on TechNet’s Microsoft Security Advisories and notred on the MSRC Blog: details on Microsoft Security Advisory 2490606, Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution…

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Affected Software:

  • Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 
  • Windows Server 2003 Service Pack 2, x64 SP2 and SP2 for Itanium-based systems
  • Windows Vista Service Pack 1 and SP2, as well as Windows Vista x64 Edition SP1 and SP2
  • Windows Server 2008 RTM

Non-Affected Software: Windows 7 for 32-bit and x64-based Systems, Windows Server 2008 R2 for x64-based and Itanium-based systems.

As noted, teams are are working to develop a security update to address this vulnerability. The circumstances around the issue do not currently meet the criteria for an out-of-band release; however, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.

As always, we encourage Internet users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at Home.

For more details on the Security Advisory you can subscribe to our comprehensive alerts here to receive email when there’s new information.


Tags: Security, what I read, Microsoft, Windows 7.

MSRC references: Security Advisory, Workarounds, Defense-in-depth, Exploitability

Delicious Bookmark this on Delicious Bookmark and Share

Also available via


Announcement: security bulletin MS10-087 update for Microsoft Office

The Microsoft Malware Protection Center has a post noting security bulletin MS10-087, which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. This was addressed in November, in the MS10-087 update.

One of them is CVE-2010-3333, “RTF Stack Buffer Overflow Vulnerability,” which could lead to remote code execution via specially crafted RTF data. A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware.

If you use Microsoft Office, you may install the update via Windows Update (aka WU): go to to learn more about how to use WU. You can launch WU by clicking the Start button on your Windows computer, then click All Programs and select Windows Update.


Tags: Microsoft, how to, customer support, customer service, Microsoft Office.

Delicious Bookmark this on Delicious Bookmark and Share

Also available via


Is that really an email from the EFPTS? Don’t get caught buy a phishing attempt

animals,boys,children,fishes,fishing,fishing nets,fishing poles,leisure,persons,Photographs,sports,sports equipment So, you may be asking yourself: why is the EFTPS contacting me? And who the heck is EFTPS?

It’s likely a phishing atempt.

The EFPTS is a service offered free by the U.S. Department of the Treasury to help business and individual taxpayers conveniently pay all their federal taxes electronically (as noted on their website). This time of year, people receiving an email from the EFPTS may be concerned as they may make Federal tax payments on line in the States

But, as noted on their home page the EFTPS, this is someone trying to get your bank information and other personal identifying information, also known as “PII”. This from their home page at  

Remember! EFTPS values your privacy and security and will never attempt to contact you via e-mail. If you ever receive an e-mail that claims to be from EFTPS or from a sender you do not recognize that mentions a payment made through EFTPS, forward the e-mail to or call the Treasury Inspector General for Tax Administration at 1.800.366.4484.

After reporting a phishing attempt, you will receive an email from the IRS confirming your submission:

Please note that the IRS does not contact individuals by email.
Therefore, if you received an email claiming to be from the IRS it is a phishing attempt and should be reported to us.

Additional information on IRS phishing can be viewed here:,,id=155682,00.html

Additional information on avoiding phishing scams can be viewed here:

So, if you receive a mail from someone at the EFPTS, it’s likely not genuine. You may forard the mail (as an attachment is best) to the EFPTS as noted above.

For more info to avoid getting caught in a phishing scheme, see my post “Did you win £450,000 in a “Microsoft Lottery”? Think again: it’s a phishing attempt“.


Tags: Windows Vista, Security, what I read, twitter, Microsoft, Windows 7, Microsoft Security Essentials.

Clubhouse Tags: Clubhouse, how-to, Security, download, Microsoft Security Essentials.

Delicious Bookmark this on Delicious Bookmark and Share

Also available via