Microsoft’s lush RedWest campus. Microsoft On July 24, 2013, a Microsoft vendor employee working at the company’s RedWest campus in Redmond had a piece of good fortune—he found a Muvi USB video camera just lying in the footpath between buildings. He picked up the camera, only later taking a look at the footage on the device, which revealed that his good fortune was actually evidence of a crime. The Muvi camera contained “upskirt” video footage of women climbing stairs or escalators—or sometimes just standing in checkout lines—and some of it had been shot on Microsoft’s campus. The vendor employee reported the incident to Microsoft Global Security, who took possession of the camera on July 26. To find the camera’s owner, two Global Security investigators pulled up Microsoft’s internal security camera footage covering the RedWest footpath. They began by locating the moment when the vendor employee walked into the frame, paused, and bent down to retrieve the camera off the ground. Investigators then rewound the footage to see who had dropped it. At the 11:24am mark, they saw a man in a collared shirt and reddish pants walk out of a RedWest building and walk along the footpath. Then, at 11:25am, the vendor employee appeared and picked up the camera. At 11:26am, the man in the reddish pants suddenly returned to the picture. According to a later report from the Redmond Police Department, he was “rushing” back to the RedWest building he had just left and appeared “nervous, frantically looking around.” He eventually used a keycard to re-enter the RedWest building. Read 6 remaining paragraphs | Comments
Visit site:
Creepshots: Microsoft discovers an on-campus peeping tom
An anonymous reader writes “Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?.” Read more of this story at Slashdot. 
