This week: a lil teaser about Blockchain and how your Skype account got hacked

Skype spam messages

Blockchain is growing in importance with every passing day. This is the reason why I plan dedicated posts, not mixed with the rest of my areas of interest. The series of posts that I am preparing will follow a simple pattern:

 

  • The history of Blockchain and brief description of the technology
  • Application of Blockchain with financial services in focus
  • Overview of Blockchain projects, startups and ideas

Once I finally get the time to condense all the info I have collected into the planned brief blog posts, you will hear from me. But I do believe this will happen in the next 2 weeks.

Now about Skype. A few weeks ago I woke up late on a Sunday morning to find out that my Skype account had been sending spam messages to my contact list. That kinda hurt my feelings as I tend to have decent security in place and until then used to LOL at all Skype accounts that sent me these messages.

It took me about 2 days to ping all my friends, colleagues and business contacts not to click these links (the screenshot above is real, unfortunately). Not surprisingly, I also changed my password, but I promised myself to do some research.

There are several ways the hackers could have guessed my password – brute force attack, getting the answer to my secret question, Microsoft leaking my password (Skype was acquired by MS). My password was a strong one (as usual), same with my secret question. The resulting research showed that other users had passwords of 15 chars and above, plus special chars, and still got hacked. And after changing their password, some of them got hacked again.

The anatomy of the hacking activity was well described in 2015. The hacker would search for an account with a weak password, then break the password and start sending messages to all contacts of this account. The messages contain a seemingly legitimate link, e.g. a link from Baidu; when the link is clicked, the URL leads to the hacker's site, which records the username of the user that clicked and then forwards to another site, e.g. a diet site. Thus the attacker knows that a Skype ID is valid and in use (so it makes sense to break in and spam further). More than 1 year later Microsoft has still not taken sufficient action to prevent this from happening and this is all that Skype offers on the topic.

In case you have a Microsoft account, things do not stop here. Apparently, after the acquisition, all Skype logins were merged into Microsoft's own login system. This allows the hackers to log into an MS account with weak (or hacked) Skype credentials, even bypassing enabled 2-factor authentication although it was configured for the initial MS account. Big thanks to Jukka-Pekka for summing it all up. And go check your MS account, you might have a ticking bomb there.

Bottom line, the hack seems to pass even one year after it was reported. A hacked account could send thousands of identical spam messages without the message being automatically blocked or flagged. All this is happening at the end of year 2016!
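The burst of near-identical link messages described above can be spotted from message metadata alone. The following is an added example, not code from the original post or from Skype: it flags a sender that pushes the same link-bearing message to many distinct contacts in a short window, assuming a hypothetical event log of (timestamp, sender, recipient, body) tuples and assuming the per-recipient part of the link sits in the query string.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+")

def template(body):
    """Reduce a message to a recipient-independent template.

    Each link is cut down to host + path, so a per-recipient query string
    (assumed here to carry the clicker's Skype name) does not make
    otherwise identical messages look different.
    """
    def strip(m):
        u = urlsplit(m.group(0))
        return f"{u.netloc.lower()}{u.path}"
    return URL_RE.sub(strip, body).strip().lower()

def flag_spam_bursts(events, min_recipients=5, window_s=600):
    """Return {sender: template} for senders that sent the same link-bearing
    template to at least min_recipients distinct contacts within window_s."""
    buckets = defaultdict(list)          # (sender, template) -> [(ts, recipient)]
    for ts, sender, recipient, body in events:
        if URL_RE.search(body):          # only messages carrying a link
            buckets[(sender, template(body))].append((ts, recipient))
    flagged = {}
    for (sender, tmpl), hits in buckets.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):     # sliding time window over sorted hits
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            if len({r for _, r in hits[start:end + 1]}) >= min_recipients:
                flagged[sender] = tmpl
                break
    return flagged

# Constructed sample log; example.com and all account names are placeholders.
SAMPLE = [(1000 + i, "alice", f"contact{i}",
           f"http://example.com/link?url=abc&id=contact{i}") for i in range(6)]
SAMPLE += [
    (1010, "bob", "carol", "notes from today: https://example.com/minutes"),
    (1020, "bob", "dave", "lunch at 12?"),
    (9000, "bob", "erin", "notes from today: https://example.com/minutes"),
]

if __name__ == "__main__":
    print(flag_spam_bursts(SAMPLE))
```

The thresholds are illustrative; a real deployment would tune them against normal group-messaging behaviour.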

It is still unclear how long and seemingly secure passwords have been repeatedly compromised. Looking forward to somebody finding the missing link, e.g. if our Skype passwords were leaked.

First reads for 2016

It has been a busy two months of the new year so my compilation of reads comes relatively late. Hope you will discover something interesting for you too:

Enjoy the reads!

The DON’Ts of ecommerce customer service

My post today is about my appalling experience with Gearbest.com, a not so small or unknown ecommerce site.

So some months ago I saw an ad on Facebook for a good-looking hoodie. This is an actual photo of the piece of clothing. I naively thought I was dealing with a US company.

Hoodie product pic

What I found weird was the low price but very good looks so I bought it. During checkout it said delivery takes up to 30 days but I thought these guys are shipping through some super cheap channel and this justifies the price.

What arrived about 30 days later was a hoodie that barely looked like the one above, was of very poor quality and the worst part – it came in the wrong size. Actually the size was L (according to the marking on the textile) but the actual one felt like S. I could not even try it without stretching and risking to tear it apart. I put a picture of the hoodie over a size L of a tight polo sweater.

Original Hoodie

So I asked the support people at Gearbest to refund me as I want to send back the hoodie. And it turned out to be a nightmare.

Message 1

Their first reply was relatively swift.

Reply 1

But it did not seem very fair, right? They messed up my order and I have to pay shipping which in this case comes at the price of the hoodie. Or I get 2 USD refund which can be seen as a joke but not taken seriously.

Then followed my somewhat angry answer (oops).

Message 2

And then followed no reply. For about 1 month.

Reply 2

Now you take a look at the 2 pics and tell me if there is a “little difference”? And as said it does not even fit me so the “little differences” add up quite un-nicely. 🙂

Anyway, I answered the guys that this is unacceptable and do not expect an answer from them. One thing is sure – such poor customer experience contrasts very starkly with other e-commerce businesses like Amazon, Zappos etc. And it is just not acceptable.

Talk to you soon!

Update: Here is the answer from Gearbest.

reply 3

And here is the conversion chart; pay attention to the 2 sizes difference between the Chinese manufacturer and the rest of the world. I cannot recall having this table when I ordered either. 🙂

gearbest size differences

Yep, you can lose your notes in Evernote

Evernote is one of the apps that shape my day. Keeping notes is easy and fast, categorizing and finding what you need is a no brainer. In sum, I love Evernote.

But I had quite a hiccup with it in February. Long story short, an important note of mine disappeared. Irrecoverably. So now every time I use Evernote I ask myself if my data is actually safe.

It all started one day in February when my Mac asked me to update some apps. One of them was Evernote. It is not something unusual so I said yes as usual.

The update started and Evernote crashed. After the update it reopened and I could use it again.

Murphy's Law

An hour later I was looking for an important business TODO note that I update daily. It was THE NOTE from all of my notes. Surprisingly, it was not appearing any more and I could find a version from December only. After some searching I had to resort to the support line.

Support Fiasco

What I did not suspect at this time was that my support experience would take quite some time. After sending several support requests and getting no answer, I ended up in some kind of support forums where I got an answer almost immediately, but it was not an answer that could solve my problem. After several days of waiting and re-sending my case I finally read that paid clients get better support. So I joined Evernote Premium.

This is where I felt – ok, I was not paying so obviously cannot expect special treatment. Yet, solving a technical issue and specifically data loss should not be something limited to paid membership. In the end Evernote is all about data and there is an established belief that your data is safe in the cloud.

Now that I was a paid member, I had the pleasure to talk to a human being, and actually a very amiable person by the name of Ben.

Data is Gone. With the Wind

In a matter of several days Ben walked me through all hidden places of the system, asked me to check logs, visit the web version, change settings. But in the end he had to admit that my note was gone. Irrecoverably. Ouch, that hurt.

Apparently the note had no ID inside the Evernote cloud and once the app crashed and restarted the note was deleted.

As said, I love Evernote but this incident shook my flawless perception of the product. They lost my business planning from the last months plus tasks for the next several months. I eventually recovered stuff from here and there but there was serious damage caused.

In my humble opinion the number 1 priority of a cloud company is to ensure its users' data is safely and securely stored. All the rest of the improvements and gimmicks I have been getting for years rarely have any impact on my usage or speed up my work. I still don't get how it is possible to have such a problem in a mature and established product but shit happens.

End of Story

Ben gave me 6 months free Premium membership. I did not get use of it. Still using Evernote though.

Which alternative products do you use? And is there a good alternative to Evernote?