Flaw exposes Microsoft ID service .net

[Vincent]

"Microsoft has admitted that for the last seven months up to 200 million Passport accounts have been vulnerable to plundering by thieves and malicious hackers.

The vulnerability lets a criminal get access to a Passport account using a specific web address and a trigger phrase.



Criminals exploiting the flaw could have gained access to personal information, credit card details and online mail accounts.

The Passport bug was found by Muhammad Faisal Rauf Danka, a freelance computer security consultant.

Some of the Passport accounts owned by Mr Danka and his friends had been hijacked.

In discovering how this was done, he found the website that gives privileged access to personal accounts and lets passwords be reset.

"It was so simple to do it. It shouldn't have been so simple," said Mr Danka, "Anyone could have done this."

Reportedly Mr Danka sent 10 messages to Microsoft detailing the vulnerability but got no response.

Microsoft only reacted when information about the flaw was posted online"

Full story:

BBC Technology Pages

[The_Editor]

And according to "The Reg", M$ has been fined 2 TRILLION Dollars!!

Yeah Right !!

The Reg

[Vincent]

$11,000 per violation.  That's a hell of a lot of money even to m$.

btw, you might want to fix the link ;-)

[JoannaK]

Could be fined... Has not happened Yet .  IMHO should happen,  but most likely not.  :-(

[Paul_Gadd]

Microsoft said it had locked all compromised accounts and fixed the bug.

To late the damage has been done and you deserve all you get.

[SidMan]

Paul,

Not even Mr Sheen can wipe away this damage! eh!  :-D

SidMan.

[Argo]

Hey, This is just like the Hotmail security hole that was in the news a year or so ago. You'd think they would learn and not make the same mistakes.

[Vincent]

You'd think they would learn and not make the same mistakes.

You're hoping for a miracle there! :-P

[elendil]

Argo:

That avater is simply outstanding!

Sincerely,

-Kenneth Straarup.

[Paul_Gadd]

@SidMan

Mr Sheen is only for the good guys, bad guys go without.  :lol:

[Snuden]

Hey, This is just like the Hotmail security hole that was in the news a year or so ago. You'd think they would learn and not make the same mistakes.

Learn? IMHO they just don't care.

Kind Regards

[Quixote]

Vincent voiced:

$11,000 per violation. That's a hell of a lot of money even to m$.

;-) It is supposedly $11,000 for each customer.  How much do you want to bet the customer never sees it, even if Microsoft pays up?

[cap]

I'm dying,perhaps its too much alcohol,l>?~o>?~l>?~ at the avatar!"argo"

I'm a big fan of the X-Files.

[toRus]

Some people never learn. Would you buy a firewall program developed by Micro$oft ?

[Waccoon]

Snuden:  Learn? IMHO they just don't care.

They're not mistakes. -- they're sales points.  If people tolerate it, anything is OK.

Really, I blame the public.  If they refused to use all this crap things would be much better.  I refuse to buy WinXP.  Period.

My biggest gripe with Passport is that it is constantly in your face.  Install WindowsXP, and it just pops out at you.  There's no way to turn it off.  Even if you get the icon to disappear from the taskbar, it's still running in the background.

The ultimate solution:  Use Windows2000 and don't download security updates.  Security updates just turn on all kinds of stupid features because now Microsoft verifies that they are "fixed".  I'm re-installing Win2000 and downgrading to IE5.5 because I've had so many security and reliability problems with IE6, never mind Passport!