From The Sip Trunking Experts

TMCNet:  Windows 8 Sync Settings - Security Hole

[February 15, 2013]

Windows 8 Sync Settings - Security Hole

Originally posted on VoIP & Gadgets Blog, here:

Windows 8 has a cool new feature that lets you login with your cloud-based Microsoft account (,, and it will synchronize your settings between Windows 8 PCs, but with a "security catch". We'll get into that in a moment. First, here's a list of features and settings that you can sync:

  • Personalize - Colors, background, lock screen, and your account picture
  • Desktop personalization - Themes, taskbar, high contrast, and more
  • Passwords - sign-in info for some apps, websites, networks, and HomeGroup
  • Ease of Access - Settings for Narrator, Magnifier, and more
  • Language preferences - Keyboards, other input methods, display language, and more
  • App settings - Certain settings in your apps, but not all
  • Browser settings - Internet Explorer history and bookmarks/favorites
  • Other Windows settings - Windows Explorer, mouse settings, and more
  • Sign-in info - For some apps, websites, networks, and HomeGroup
Looking at this list, you'd probably be just as excited as me. If you have a Windows 8 tablet and a Windows 8 PC, now you can easily view the recent websites you viewed in either due to the  "shared" History. That feature has already come in handy for me several times. I also like how I can have a picture of my family, dog, or my favorite picture on the lockscreen of all my devices. I set it one one device and it automatically syncs it to the others. Easy peasy!

But here's the problem. You must use a Microsoft cloud-based account for sync settings to work and you cannot use a local account. Why is this bad Well, suppose Hotmail gets hacked and the hackers gain access to your Microsoft account credentials. Now, not only can they access your email, but they can Remote Desktop to your home PC and access every photo, every video, every confidential financial file - everything. Your entire digital life is laid bare.

Now you could argue that the hackers would have to know your IP address in order to login (via Remote Desktop) using your stolen Microsoft account credentials. Fair enough. But who's to say Microsoft doesn't store the last IP address used when you logged in Let's go a bit deeper. What's to stop a Microsoft employee from logging into your home PC and seeing you have a pirated copy of Microsoft Office along with thousands of pirated movies What's to stop a Microsoft employee from logging into their ex-boyfriend's/ex-girlfriend's PC for nefarious purposes

The only workarounds to this major "potential" security hole are:
  • Disable Remote Desktop (not feasible for many users, since it's so useful)
  • Change the Default Port for Remote Desktop from 3389. Though this will only slow a determined hacker or Microsoft employee
  • Switch to VNC remote desktop sharing program (& disable Remote Desktop)
  • Switch to a local account (Unfortunately, you lose the benefits of 'synching' across your Windows 8 devices) smiley-cry
Now here is where it gets interesting. I have two Windows 8 PCs joined to a corporate domain, one Windows 8 tablet joined to a corporate domain, and one home Windows 8 PC not part of a domain. For all of my domain-joined Windows 8 PCs (& tablet), I am not required to use a Microsoft account. I can simply "link" my domain account with my Microsoft account, but continue to use my domain credentials to authenticate / log-in to my PC either locally or via Remote Desktop when remote. Here's a screenshot showing how my domain account can be linked with my Microsoft hotmail account (blurred for privacy):

Continue reading Windows 8 Sync Settings - Security Hole...

Tags: , , , , , , , , Related tags: , , , , ,

Related Entries
  • New Hotmail/Outlook Sucks on iOS & Android & Why That's Good for Microsoft - Jul 31, 2012
  • It's the Tablet Size Niches! - Feb 07, 2013
  • Telefonica Looking for Channel Partners to Crack U.S. Market - Jan 31, 2013
  • Windows 8 Tablets Will Beat Apple & Android - Dec 05, 2012
  • Voxbone Global DID Numbers Come to Aculab Cloud Platform - Nov 13, 2012
  • How to Setup a Wi-Fi HotSpot in Windows 8 - Oct 31, 2012
  • Skype for Windows 8 Launches Simultaneously with Windows 8 & Microsoft Surface - Oct 22, 2012
  • ITEXPO West 2012 Videos - Oct 04, 2012
  • Windows 8 & Windows 8 RT Metro/Modern UI Lync App Coming Soon - Sep 21, 2012
  • Windows 7 Ultimate Upgrade to Windows 8 Problem Solved! - Sep 20, 2012
  • TrackBacks | Comments | Tag with | VoIP & Gadgets Blog Home | Permalink: Windows 8 Sync Settings - Security Hole

    [ Back To SIP Trunking Home's Homepage ]

    Subscribe here for your FREE
    SIP TRUNKING enewslettter.

    Featured Partner

    Featured Whitepapers

    SIP Security for the Enterprise
    Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

    Making A Broadband Purchase Decision
    Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

    Voice-Optimized Network Delivers Premier Call Experience
    Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

    Featured Case Studies

    Business Telecom Expenses Reduced 50%
    A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

    Multi-State Company Cuts Telecom Costs 50%
    A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

    Discover Leisure Connects Remote Users to its IP-PBX
    Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

    Featured eBOOKS

    Internet+: The Way Toward Global Unified Communication
    Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

    What is SIP Trunking? Edition 2
    SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

    What is SIP Trunking? Edition 1
    A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

    Featured Videos

    Broadvox VAR Testimonial VAR 1:
    Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

    E-SBCs AS The Demarcation Point:
    Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

    Demystifying DPI
    How can deep packet inspection protect your SIP traffic as well as your entire network?

    Featured Resources

    Partner Program Overview:
    Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

    SIP Trunk UC Summit

    What's New

    Presenting the New Ingate/Intertex Website:
    Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

    Featured Blogs

    Featured Webinars

    Secure SIP Trunking:
    What You Need to Know

    Successfully Deploying Enterprise SIP Trunking:
    Tools and Techniques for Overcoming Common Roadblocks

    Featured Podcasts

    Getting the Most Out of Your SIP Trunks:
    Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

    Featured Datasheets

    Ingate SIParator E-SBCs
    Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

    Ingate Firewalls
    Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

    SIP Trunk Solutions for Service Providers
    The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.