<img src="https://secure.leadforensics.com/32105.png" style="display:none;">

Cybersecurity News, Advice and Opinion

Ex-Microsoft Employee Arrested For Leaking Valuable Information

Posted by Jo on Mar 26, 2014 9:12:00 AM

new-microsoft-logo-square-largeA disgruntled former employee of Microsoft was arrested last week for stealing secret information about Windows 8 and leaking it to a technology blogger before the operating system was released in 2012.

Software Engineer, Alex Kibkalo was employed by Microsoft for seven years, before reportedly being asked to resign from his post shortly after receiving a poor performance report in 2012. This has not been directly linked to his extra-curricular activities but it may have had something to do with it.

Kibkalo was arrested last Wednesday and faces federal criminal charges for allegedly leaking secrets to Windows 8 and Microsoft’s Activation Server SDK (Software development kit), which could be used to aid hackers in reverse engineering Microsofts anti-piracy code.

In circumstances like this, where employees have access to valuable intellectual property, it is important for businesses to make sure that when employees leave the company that their accounts are closed and access to any company information has been revoked.

One way of controlling the identity and access management within businesses would be to employ a password manager, like my1login. With this service in use, administrators can share passwords with individuals and workgroups but also quickly cease individual user access to logins when necessary. The password manager has further security benefits by allowing admins to restrict the visibility of passwords – users then have access to business systems with even knowing the login credentials.

In addition to these security features, admins also receive an audit trail that allows them to track who has access to what and when. This provides the ultimate protection from employees abusing business systems, which in turn protects the company reputation.

What makes my1login so secure?

my1logoPWMFB250my1login uses complex, multi-layered encryption processes so that not even my1login employees can access users’ data. Business accounts are protected using two-step authentication (password and key phrase) making its default level of security the most secure of any password manager. Business passwords are encrypted client-side using 256 bit AES, then further encrypted using 256 bit SSL before being sent to my1login for storage. 1024 bit RSA public/private key cryptography further encrypts AES keys to enable secure sharing and central distribution of specific passwords where required.

A business user’s key phrase encrypts access to their business passwords using AES 256. It’s impossible for anyone to decrypt and access that stored password data without the key phrase, and it would take the most advanced computers millions of years to try out every possible permutation of a reasonable length phrase.

Want to find out more on how my1login can help protect your business from disgruntled employees seeking revenge or simply to improve your online security?

Either sign up for a free trial of my1login Business Password Manager or leave your email address in the box below to receive more information.


White Papers