Comment Re:Yes, but other than that, how did you like it? (Score 1) 453
This is also very informative, at least for me, as it gives me one more reason to avoid Win 8 as i had no idea everything in their new appstore was tied to hotmail. So Barance thanks for submitting this article, most grateful. Sorry about the poor bastard that tried Hotmail and got pwned but there is a good reason why many of us avoid hotmail like the clap.
First things first, Hotmail != Live ID. A Hotmail (or Live.com) account is a Live ID, but a Live ID does not need to be a Hotmail account. It can be any email address you want. My Live ID is my gmail account.
Second, this isn't anything new. Xbox and Windows Phone both use Live ID as the ID into their stores. This is no different than Google requiring a Google account for Android or Apple requiring an iTunes account for iOS/OS X app stores. Windows 8 takes it one step further by giving you the option of using your live ID as your Windows login, but it's not required. You can still use a regular local user, or a domain account if you're on an AD domain.
Third, the author of the article obviously sucks at using strong passwords. A 7-character, all lower-case alphabetical password is just begging to be cracked. Even with thottling in place on Microsoft's services, that could be brute-forced in a trivial amount of time even without a dictionary attack (assuming no throttling or login attempt limits, it would take approximately 32 seconds to crack). He's blaming the tools when he should be blaming his own password management skills. Hacking of Live IDs is no more rampant than hacking of Google accounts or iTunes accounts. Well, okay, not entirely true -- there have been plenty of social engineering hacks through Xbox Live. Stuff like, "Send me your login credentials and I will get achievements for you" or Points scams or whatever. But there's nothing Microsoft can do about social engineering short of identifying the culprits and taking action against them after the fact.