goobster  ·  1557 days ago  ·  post: I just got hacked

The hack process is so familiar with my normal everyday usage of MS products...

A coworker clicks a really simple "Share this!" button in an MS Office 365 product, to share a file with you. Easy, right?

So you click the link and are taken to the web page...

... oh, but first you need to authenticate your login name and password to this OTHER instance of Microsoft Office 365, because it's not federated to the same MS Office 365 instance you are currently logged in to...

... and then once you log in, it loses track of what you were trying to do, so you go back to the original link the person sent you in email, click it again, and then you get into the system to download the file they wanted to share with you.

And this is the normal process for sharing a file via Microsoft's oh-so-helpful tools!

You literally go through about 7 different redirect web pages, all lightly branded with MS logos and verbiage, before finally having to re-do the initial action, because MS has redirected you so many times even they don't know what you were originally trying to do.

So you do it again.

Now, a hacker only needs to gain control of ONE of those redirects, duplicate the generic design of a bunch of generic MS pages, and even a savvy user like myself has NO IDEA that the URL changed in mid-redirect to some nefarious nogoodnik's page, and has now stolen your login credentials.

God I hate Microsoft's software...
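
An added example, not part of goobster's comment: a defender-side check that walks a recorded redirect chain (from a proxy log or browser trace) and flags any hop that leaves the set of hosts expected in the sign-in flow. The host suffixes and the sample chain are assumptions constructed for illustration; substitute the hosts seen in your own tenant's flow.

```python
from urllib.parse import urlsplit

# Assumption: host suffixes expected in this organisation's Office 365
# sharing and sign-in flow. Adjust to what your own tenant actually uses.
EXPECTED_SUFFIXES = ("microsoftonline.com", "sharepoint.com", "office.com")


def hop_problem(url):
    """Return a short reason if this hop looks wrong, otherwise None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "not https"
    # "https://trusted.host@other.host/" displays the trusted name first,
    # but the browser connects to the host after the "@".
    if parts.username is not None:
        return "userinfo in URL"
    # Compare on a label boundary, so "microsoftonline.com.signin.example"
    # and "notoffice.com" do not pass a naive substring or endswith test.
    if not any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES):
        return "host outside expected set"
    return None


def audit_chain(chain):
    """Return (index, url, reason) for every suspicious hop in the chain."""
    findings = []
    for index, url in enumerate(chain):
        reason = hop_problem(url)
        if reason is not None:
            findings.append((index, url, reason))
    return findings


# Constructed sample chain: two expected hops, then three that should be flagged.
SAMPLE_CHAIN = [
    "https://contoso.sharepoint.com/:x:/s/team/doc",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.signin.example/common/oauth2/authorize",
    "https://login.microsoftonline.com@signin.example/",
    "http://www.office.com/",
]

if __name__ == "__main__":
    for index, url, reason in audit_chain(SAMPLE_CHAIN):
        print(f"hop {index}: {reason}: {url}")
```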