Security Vulnerability in Microsoft .NET Passport
Stuart Moore writes "A vulnerability was reported in Microsoft .NET Passport, also affecting Hotmail user accounts. The simple flaw allows an attacker to change any person's password to an arbitrary value. The attacker can then gain access to the victim's accounts, as well as to the victim's personal information (if any is stored w/ Passport). Muhammad Faisal Rauf Danka posted a note to the Full-Disclosure security e-mail list after multiple unsuccessful attempts to contact Microsoft." There's a news report as well.
The world is round? Wha?
Microsoft user = victim
Developers: We can use your help.
Microsoft go for the release fast and patch after option. Get something out the door and go "Look, WOW new bit of software come and use it". Then patch it afterwards. Now you can't expect any software to be bugfree but you can't help but think they could try harder
Rus
Cheap UK and US VPS
Personally I suggest everyone reading this makes sure to tell everyone they know, in order to stop people blindly trusting any incompetents. The fact that it's MS just makes the schadenfreude better.
Justin.
You're only jealous cos the little penguins are talking to me.