Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Vulnerability in Microsoft .NET Passport

Posted by michael on from the doh dept.

Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.

1 of 433 comments (clear)

  1. Re:What do people expect? by TomorrowPlusX · · Score: 0, Flamebait

    OK, sure. But considering that at this point (and let's be realistic) Microsoft *has* won the game.

    It's extraordinarily unlikely that MS taking 8 more months on the release of product X will put them out of business, or even loosen their hold on some part of the market. I mean, what's company XYZ with possibly tens of thousands of word files, access files etc etc going to do? Sure, OpenOffice is great, but try convincing your IT dept. I have.

    What I'm getting at here is that we all know MS has won and has, by virtue of being a monopoly, created an almost completely homogenous computing environment. So, much like the way a biological virus can sweep through a bunch of genetically identical engineered super-corn, we're now in a situation in which any single one of MS's mistakes could potentially bring down a major percentage of the world's systems. Think about that for a second. I'm not talking about a bunch of secretaries having solitaire crash. The potential for economic disaster is very real.

    In my magic world -- the one where republicans talk about corporate responsibility but *aren't* lying through clenched teeth -- MS would recognize that by this point they simply can't lose. And as such, it's their responsibility to make DAMN sure that their products, which we have no choice but to buy, actually work.

    But in truth this is all naive whining. The reality of course is that MS is at the point where thay can just fill a cardboard box with feces and gravel, sell it to us for $295.00 and we'd damned well better be gracious for the priveledge.

    Choice in computing is dead.

    --

    lorem ipsum, dolor sit amet