Amiga.org
Amiga News and Community Announcements => Amiga News and Community Announcements => Miscellaneous => Topic started by: Vincent on May 10, 2003, 03:29:52 PM
-
"Microsoft has admitted that for the last seven months up to 200 million Passport accounts have been vulnerable to plundering by thieves and malicious hackers.
The vulnerability lets a criminal get access to a Passport account using a specific web address and a trigger phrase.
Criminals exploiting the flaw could have gained access to personal information, credit card details and online mail accounts.
The Passport bug was found by Muhammad Faisal Rauf Danka, a freelance computer security consultant.
Some of the Passport accounts owned by Mr Danka and his friends had been hijacked.
In discovering how this was done, he found the website that gives privileged access to personal accounts and lets passwords be reset.
"It was so simple to do it. It shouldn't have been so simple," said Mr Danka, "Anyone could have done this."
Reportedly Mr Danka sent 10 messages to Microsoft detailing the vulnerability but got no response.
Microsoft only reacted when information about the flaw was posted online"
Full story:
BBC Technology Pages (http://news.bbc.co.uk/1/hi/technology/3013665.stm)
-
And according to "The Reg", M$ has been fined 2 TRILLION Dollars!!
Yeah Right !!
The Reg (http://theregister.co.uk/content/6/30620.html)
-
$11,000 per violation. That's a hell of a lot of money even to m$.
btw, you might want to fix the link ;-)
-
Could be fined... Has not happened Yet . IMHO should happen, but most likely not. :-(
-
Microsoft said it had locked all compromised accounts and fixed the bug.
To late the damage has been done and you deserve all you get.
-
Paul,
Not even Mr Sheen can wipe away this damage! eh! :-D
SidMan.
-
Hey, This is just like the Hotmail security hole that was in the news a year or so ago. You'd think they would learn and not make the same mistakes.
-
You'd think they would learn and not make the same mistakes.
You're hoping for a miracle there! :-P
-
Argo:
That avater is simply outstanding!
Sincerely,
-Kenneth Straarup.
-
@SidMan
Mr Sheen is only for the good guys, bad guys go without. :lol:
-
Hey, This is just like the Hotmail security hole that was in the news a year or so ago. You'd think they would learn and not make the same mistakes.
Learn? IMHO they just don't care.
Kind Regards
-
Vincent voiced:
$11,000 per violation. That's a hell of a lot of money even to m$.
;-) It is supposedly $11,000 for each customer. How much do you want to bet the customer never sees it, even if Microsoft pays up?
-
I'm dying,perhaps its too much alcohol,l>?~o>?~l>?~ at the avatar!"argo"
I'm a big fan of the X-Files.
-
Some people never learn. Would you buy a firewall program developed by Micro$oft ?
-
Snuden: Learn? IMHO they just don't care.
They're not mistakes. -- they're sales points. If people tolerate it, anything is OK.
Really, I blame the public. If they refused to use all this crap things would be much better. I refuse to buy WinXP. Period.
My biggest gripe with Passport is that it is constantly in your face. Install WindowsXP, and it just pops out at you. There's no way to turn it off. Even if you get the icon to disappear from the taskbar, it's still running in the background.
The ultimate solution: Use Windows2000 and don't download security updates. Security updates just turn on all kinds of stupid features because now Microsoft verifies that they are "fixed". I'm re-installing Win2000 and downgrading to IE5.5 because I've had so many security and reliability problems with IE6, never mind Passport!
-
I'm thinking about doing the same thing Waccoon. I Haven't installed SP3 and run Zone Alarm Pro.. However M$ STILL has managed to get in and "update" somehow....
I now get weird "Your not licensed to hear this song" messages if I try to use WMP to listen to my Mp3's.
Please, Please ... Hurry up Hyperion.
-
However M$ STILL has managed to get in and "update" somehow....
That is user error and has nothing to do with the firewall.
If you want to disable the autu-updates stuff quick and easy then get a register tweaker like X-Setup (http://www.xteq.com) and turn off all the auto update crap.
-
thx for thelink, Paul ..i'll go check it out.
-
Wacoon said:
My biggest gripe with Passport is that it is constantly in your face. Install WindowsXP, and it just pops out at you.
I wonder what the hell I fixed, then? The only mention I've seen of PassPort from WinXP since I installed it 7 months ago was during installation. I clicked no and that was the last of it.
-
That is user error and has nothing to do with the firewall.
Correct :-)
Whoever it was who decided out of principle not to install Win2k SP3 and then decided to install Automatic Updating? What are you, nuts? Read up about the "critical patches" on Windows Update (as that's the only place that would have told you to install automatic updating) before installing them, and pay particular attention to the EULAs!
Running Win2k SP2, no WMP patches (or any others with dodgy "all your base" EULAs) and completely unassociated that vulnerability-ridden piece of crap (that would be WMP 6.4 in this case :-)) from all filetypes, and using Mozilla. I'm safe :-)
-
Ok.. So I'm a thickShit ...Whoopee Doo
Even more reason to get Os4
-
The MS website no longer allows IE5.5 to be downloaded for Win2K, only WindowsME. Figures. IE6 does funky stuff with the taskbar and can disable "bring to front". I hate that.
Anyone know where to get IE5.5? You're supposed to be able to get it from certain CDROMs.
At least I have SP2 archived on my hard drive.
-
That is user error and has nothing to do with the firewall.
True. However, it's enabled by default and you have to turn it off manually. Hardly what I consider a user error.
-
The thing is... I had auto update switched off.
Weird things still happened.