It would seem this only affects accounts of those who've fallen victim to a phishing scheme. If you haven't entered your Live/Gmail/Hotmail password on a bogus website, there's no immediate need to change passwords.
From: Kim Longenbaugh [mailto:[email protected]] Sent: Tuesday, October 06, 2009 11:00 AM To: NT System Admin Issues Subject: RE: SANS Diary: Time to change your hotmail/gmail/yahoo password Yes, I missed it too. Thanks for the post. Gotta run, I'm busy changing passwords.. _____ From: Micheal Espinola Jr [mailto:[email protected]] Sent: Tuesday, October 06, 2009 9:53 AM To: NT System Admin Issues Subject: SANS Diary: Time to change your hotmail/gmail/yahoo password I missed this yesterday, did you? http://isc.sans.org/diary.html?storyid=7276: Microsoft has confirmed that thousands of Windows Live accounts have been compromised with their passwords posted online. Mainstream media such as the BBC are also carrying the story. Some information is posted here <http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entr y?wa=wsignin1.0&sa=363915619> . UPDATE: Gmail and Yahoo are also affected by the compromise. Change all passwords on any of these popular webmail sites. Some does and don'ts: * Do change your passwords on a regular basis (every six months or so) * Do use long complex pass-phrases rather than passwords where you can * Do change all of your passwords if you notice something suspicious * Do take identity theft seriously * Do use up-to-date anti-virus and a firewall * Do NOT click on links in emails, ever * Do NOT use the same password at multiple sites -- ME2 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
