The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Stealing MS Passport's Wallet
Time: 18:32 EST/23:32 GMT | News Source: Wired | Posted By: Byron Hinson

To correct serious security flaws, Microsoft on Friday disabled the virtual wallet function of its Passport service and has begun notifying partners about the vulnerabilities, the company has confirmed. The bugs in Passport, a sign-on service used by more than 165 million people, were discovered this week by Marc Slemko, a software developer who lives near Microsoft's Redmond, Washington, headquarters. Slemko is a founding member of the Apache Software Foundation.

By cobbling together a handful of browser-based bugs with flaws in Passport's authentication system, Slemko developed a technique to steal a person's Microsoft Passport, credit card numbers -- and all, simply by getting the victim to open a Hotmail message. The attack raises new questions about the inherent security of Passport, which is being positioned by Microsoft as the lynch pin of its .NET e-commerce service initiative.

Write Comment
Return to News

  Displaying 1 through 25 of 338
Last | Next
  The time now is 11:33:21 PM ET.
Any comment problems? E-mail us
#1 By 135 (208.50.201.48) at 11/2/2001 7:00:55 PM
Don't know, really don't care. I'm more concerned with web sites storing my credit card information in a database. There's some 300 or so sites exploited each year which have had this information held for ransom.

Unfortunately some people tend to ignore real risks and focus on imaginary ones.

#2 By 1845 (65.0.207.79) at 11/2/2001 7:56:45 PM
Calm down 206.216.3.134. Let's be civil in our posts.

#3 By 116 (66.68.170.138) at 11/2/2001 10:24:38 PM
If its so horribly insecure then why do I feel safe in storing my information there? Go ahead break into my passport account. I sent one email message to myself on Hotmail that uses passport. Tell me what it is...

theredavenger@hotmail.com

If you can't then eat your words.

#4 By 116 (66.68.170.138) at 11/3/2001 2:08:24 AM
That guy must be a noofie...

#5 By 2332 (129.21.145.80) at 11/3/2001 3:03:44 AM
People who live in glass houses shouldn't throw stones. Good words to live by.

BSD, which many people consider to be one of the most secure Unix distributions (in it's various flavors, although OpenBSD isn't affected) had a MAJOR root exploit that could be done remotely.

Was this mentioned on Slashdot or any major news sites? No.

The point is that no system is ever 100% secure, and people enjoy picking on Microsoft because they are number one, and are therefore the most visible target.

Does this diminish the seriousness of the security hole? No, of course not. Microsoft needs to fix this, and they need to address the obvious problems with some of their filtering technology, just as the article mentions.

What I object to is all these Linux/Unix zealots (especially open source advocates) saying this proves Microsoft builds crappy software. It doesn't. The BSD hole had been there since day 1, which, depending on the flavor, is up to 25 years.

25 years with a major security flaw, in a completely open source environment, and nobody found it. Less than a year for Passport (in its current form), and this turns up. This doesn't show Microsoft makes worse software, it shows it's under much more scrutiny.

#6 By 2332 (129.21.145.80) at 11/3/2001 3:05:50 AM
Oh, and by the way, the current passport framework, much as #26 said, has little to do with .NET. It's not really even a .NET service in it's current form, and the security risk has nothing to do with .NET, and everything to do with poor implementation and security strategies.

So for those of you thinking this proves .NET will fail because of security risks, educate yourself.

A good place to start is www.gotdotnet.com.

#7 By 135 (208.50.201.48) at 11/3/2001 11:00:51 AM
So #6 attacked me, eh?

So let me repeat. Your CC# is stored within the databases of every company you have ever bought anything from on the internet. Haven't visited the site for two years? Don't worry, they still have your CC# on file. I just think it's swell that you trust 1000's of random companies on the internet, but don't trust Passport. Like I said, ignoring the real risks focus on the imaginary.

Like I said I don't care. Two things here. I don't use Hotmail.com. I also don't use the Passport wallet service.

I buy all my stuff online using American Express Private Payments.

This protects me from the 1000's of random idiots out on the internet that you trust blindly.

#8 By 1845 (65.0.207.79) at 11/3/2001 12:49:49 PM
I think you maybe on to something gt.

#9 By 135 (208.50.201.48) at 11/3/2001 1:34:18 PM
A threaded message board would be nice. I'm not as keen on moderation systems.

I just wish the Anonymous Cowards would be willing to take credit for their statements and use a logon name. Then I would be able to realize that #6 is the same idiot who posted some comment in the thread yesterday, and dutifully ignore him as a troll. :)

#10 By 116 (66.68.170.138) at 11/3/2001 4:31:45 PM
I don't think I like threads . . . Maybe a I am in the minority here though. I like that each post carries as much weight as another. Modding systems are bad I think. I think everyone has a right to speak. Even if they are stupid. . .

#11 By 1845 (65.0.207.79) at 11/3/2001 7:13:08 PM
We could use a system similar to the one on betanews. Hopefully we won't attract, though, the trolls that hang out there.

Speaking of trolling...What is the purpose of a comments section? I was attracted to ActiveWin as a resource for news relating to Microsoft. I'd like to see it as more of a newsgroup - learn more about Microsoft by asking questions and discussing issues - than a "I'm right and you're wrong, you're a loser @#$&ing flamer" message board.

No matter which side of the industry we cling to (Windos vs Linux, Netscape vs IE, free market vs government regulation) this should be a place to discuss opinions, not attack those who have different opinions. Just my opinion...

#12 By 1845 (65.0.207.79) at 11/3/2001 8:02:02 PM
So there is a new system in the works? What are the details and what is the timeframe?

#13 By 2332 (129.21.145.80) at 11/3/2001 8:31:25 PM
I got an account specifically so I COULD take credit for my comments. I'm more than willing to argue my points and defend my ideas.

Any of my previous posts on this board (this year at least) have been under the IP of 129.21.145.80. Feel free to argue.

:-)

#14 By 135 (208.50.201.48) at 11/3/2001 8:55:45 PM
I like the number of posts counter. My goal is to post more than JaggedFlame. Unfortunately even though I'm probably the second more voracious poster here, I'm *WAY* behind!

:-)

#15 By 1845 (65.0.207.79) at 11/3/2001 9:00:52 PM
RedAvenger is some serious competition too.

#16 By 1845 (65.0.207.79) at 11/3/2001 9:50:04 PM
lol, amazing that i don't get tired of reading his posts either. Keep up the competition brothers!

#17 By 2 (24.8.223.218) at 11/4/2001 1:34:47 AM
Hi. We don't like threads because we don't want a similar situation as Slashdot. Maybe a system where replies to a comment appear as different colors under the original grey comment, but I don't favor indentable or collapsable threads. We are rewriting our forums in .Net -> due next week with a significant amount of updates.

#18 By 135 (208.50.201.48) at 11/4/2001 1:35:55 AM
WOO HOO!

Well boys and girls, I just finished installing Windows XP Pro. This kicks ass.

(incrementing my posting total # thing!) :)

#19 By 3 (62.253.128.4) at 11/4/2001 7:26:50 AM
I'm looking into a much better layout specifically for comments.

#20 By 116 (66.68.170.138) at 11/5/2001 1:51:18 AM
Heh, I prefer posting baboon!

I'm gonna catch you Jagged ;)

#21 By 4240821 (45.149.82.86) at 10/25/2023 6:31:51 PM
https://sexonly.top/get/b754/b754sumztaxiyvlpfng.php
https://sexonly.top/get/b303/b303ywklymnlntipcku.php
https://sexonly.top/get/b240/b240gmbsvtidilhmhal.php
https://sexonly.top/get/b590/b590ikqsprpygxknaad.php
https://sexonly.top/get/b74/b74yvojnqesibqavvo.php
https://sexonly.top/get/b67/b67cmspnjbfzzoukxs.php
https://sexonly.top/get/b616/b616yjojroijoqsjssz.php
https://sexonly.top/get/b394/b394jecokzcwviesiau.php
https://sexonly.top/get/b487/b487xxhudokkevbczlj.php
https://sexonly.top/get/b142/b142ndacrrnfebjshrc.php
https://sexonly.top/get/b979/b979amnberfyczenmac.php
https://sexonly.top/get/b6/b6aokcrznnwwvirdx.php
https://sexonly.top/get/b850/b850ggqmxpdomafbwrk.php
https://sexonly.top/get/b397/b397puaqiycwcrzjlwn.php
https://sexonly.top/get/b128/b128hrsumccnwpogddd.php
https://sexonly.top/get/b509/b509anhnpykzskohouf.php
https://sexonly.top/get/b91/b91kylxsuuolgudxym.php
https://sexonly.top/get/b663/b663wcrrebjomvllwkt.php
https://sexonly.top/get/b20/b20bhcpuxjadxhsrzq.php
https://sexonly.top/get/b684/b684wryzcgxeufkmibz.php
https://sexonly.top/get/b816/b816kkqvkqgcyjowzji.php
https://sexonly.top/get/b354/b354bplthvraqwhsegw.php
https://sexonly.top/get/b893/b893ohobcihsajiqyzc.php
https://sexonly.top/get/b447/b447akhhpqfjvbqyddf.php
https://sexonly.top/get/b481/b481xyxsxcynooyogrt.php
https://sexonly.top/get/b285/b285gblpwbglovloxlu.php
https://sexonly.top/get/b780/b780czhgjejrecsatiz.php
https://sexonly.top/get/b0/b0aiwblpepbkxlymd.php
https://sexonly.top/get/b164/b164kcpjbibyfoqanrr.php
https://sexonly.top/get/b215/b215mgqdwcdzmwduhke.php
https://sexonly.top/get/b205/b205dcpjsjoctbutwuu.php
https://sexonly.top/get/b938/b938hgbqxbbgpqpxmot.php
https://sexonly.top/get/b947/b947viycqxizmuzxvah.php
https://sexonly.top/get/b735/b735nymyvhtgpermlli.php
https://sexonly.top/get/b452/b452rmftpfciuxxnxgz.php
https://sexonly.top/get/b238/b238afedwseuqiikbpl.php
https://sexonly.top/get/b603/b603waqfxjwthurpogn.php
https://sexonly.top/get/b812/b812khtfcczzaeunxgh.php
https://sexonly.top/get/b888/b888uajcxbtytkqhluf.php
https://sexonly.top/get/b372/b372ijiuehivppxujqp.php
https://sexonly.top/get/b195/b195xylgialrwxgykve.php
https://sexonly.top/get/b663/b663irxhiicoihjkbpq.php
https://sexonly.top/get/b978/b978ttxeiwhbcicnoty.php
https://sexonly.top/get/b911/b911gbwupkmzfyvrvsk.php
https://sexonly.top/get/b695/b695weypdflvfuhovtq.php
https://sexonly.top/get/b834/b834euoegpwqtdxykdh.php
https://sexonly.top/get/b615/b615ladxzsuyduodwko.php
https://sexonly.top/get/b240/b240ezusaidjaxkroeh.php
https://sexonly.top/get/b87/b87yksscshutzoitzu.php
https://sexonly.top/get/b439/b439thltodufascmrpn.php

#22 By 4240821 (213.139.195.26) at 10/29/2023 4:18:56 PM
https://www.quora.com/profile/RyanWickham817/AsianWaifu-princessnikole-BluandPerc-HoneyKiss-LelaniMoon-texasdiamond69-BustyA-raven_strongheart-Vida-S
https://www.quora.com/profile/ChristopherMills251/Akbby420-YourMasterGardener-Alexamdramendezblowjob-Psicylia-Void-raven-orion-Natasha-Sparks-and-John-E-Depth
https://www.quora.com/
https://www.quora.com/profile/MackenzieSmith744/Cherise-Taylor-laceymayyy-Lilfrisk-GoddesSamariel-BellandZeke-Stacy-Lusted-luanna_green-Brittany-Blue-Al
https://www.quora.com/profile/AshleyWhite880/esperanzagomez-sexii_cheyanne-JustChantel-erica-lauren-EmoKitt3n-KiskaDigitalis-jessica-night-1-derrick914
https://www.quora.com/profile/JoyMarquez89/samm-rosee-Infamous_MJ-PaigeNDaemos-agave_baby-slut_mommy-LisaAngell-addyaddy7-Nalgonasex-Littlemissdope
https://www.quora.com/profile/NathanDuke246/Partner-Pornohub-littlesparkly-mary-carey-DanhaJessy-MamaKey-Twyla-doll-Badgirltoca-brookie-blair-Sapphi
https://www.quora.com/profile/KaraGarcia909/LilyBelle18-Leah-Lei-alexia-moore-Catwoman86-Luna-Wild-alexis-zara-jess-davies-Luna-Lexii-MissLilyfetish
https://www.quora.com/profile/KimberlyGarcia70/Assanova69-Rina-Ann-silverrose25-Mooslxt-tomandjade-Rilynn-hungryhornyblackbbw-SarahSallis-Mia-Jane-Da
https://www.quora.com/profile/SherryCain339/Crashband1cooch-alisonparker1-Dreamybyria-ourprincessaurora-kiarra-wolfe-1-mia-wright-Dianita34-Kira-Arr

#23 By 4240821 (213.139.195.162) at 10/29/2023 6:21:25 PM
https://www.quora.com/profile/KeithHarvey630/Thotterpopp-Nova-Lee-Jessica-Young-Scarletttuputita-OpheliaNoir-JandW84-chantelldior-KenyConejita-eva-ma
https://www.quora.com/profile/DavidAlgya763/thelewdnoodle-Alice-In-Wonderland-mandestroyer_-Englishman1991-InkyQueen-luz_norali-Riyahousewifeslut-Adda
https://www.quora.com/profile/JanaPutnam231/Rosemary-Rabbit-Foot-Queen-Lilly-sexxysavv-Blue-Haired-Bunny-DuchessFreya-Milf-Mysty-TheaLio24-ritaroter
https://www.quora.com/profile/DestinyRuiz792/Felixthe101-LilyGotham-soloona-Lottie_Rose-Masego-missjaneth495-LenaKiss-boyteeth-Sexygem182-Boyfriend
https://www.quora.com/profile/TravisStapleton896/estella-98-penelope-crunch-Channiebearxo-Suman-Bhabhi-big_n_high79-Samantha-Starfish-DaryDevi-sorenluka
https://www.quora.com/profile/RobertMendoza114/VickyLewinsky-Chesty-Deluxxxe-Jess-The-Best-Bottoms-BbgGc3-Alexandra-Nextdoor-Katteykitty-Aleigha1122-lara
https://www.quora.com/profile/SarahSwanson847/estrella-de-la-vega-bex-shiner-katanablack-Marraa-Miss-Sapphire-AIWA-angelina_luv-JessieKawaii-GoddessV
https://www.quora.com/profile/MollySeelig50/MissPhryne-CheryLeigh-pulpfrictionxo-witchyone-Russiandoll-SlimeeDivine-Tatyalvar-succubusfairy-socstude
https://www.quora.com/profile/RamonAyanbadejo764/LittleLilyCutie-angelsetfree1-2cum4more-kelirichards-Daniella-Margot-Annakitty-GisSensual-eve-marie-Evee
https://www.quora.com/profile/ShayakBerry446/Thatwifenextdoor-Angel98xx-Lexi-Capri-AmandaFoxxxBbw-Wild_Tequilla_-MiraMonroe-Curvy_mire-CiaCreams-Toot

#24 By 4240821 (103.152.17.80) at 10/31/2023 4:30:45 AM
https://app.socie.com.br/MikuOhashiAmberSunshine
https://app.socie.com.br/wendystEllieClaire
https://app.socie.com.br/RavenHaven94ailenbellaka1
https://app.socie.com.br/LilithKalliKinkikitti
https://app.socie.com.br/read-blog/97657
https://app.socie.com.br/read-blog/97195
https://app.socie.com.br/read-blog/97442
https://app.socie.com.br/LizzieandjacobYourGeisha
https://app.socie.com.br/QueenCallyAndAJcum_loudly
https://app.socie.com.br/vanillapuddingpieJuicy_Kitty07

#25 By 4240821 (103.151.103.150) at 10/31/2023 3:27:04 PM
https://app.socie.com.br/NAAAAAAXXXXXXXXXXXXXrequestana
https://app.socie.com.br/read-blog/98143
https://app.socie.com.br/read-blog/97501
https://app.socie.com.br/dustinizzyStephanieWylde
https://app.socie.com.br/hollymoonnzKeyleeAmor
https://app.socie.com.br/wildwestfemrubyscharm
https://app.socie.com.br/CherrieLacemimiandevan
https://app.socie.com.br/read-blog/98172
https://app.socie.com.br/Sophiarosexoxo12dandycandy
https://app.socie.com.br/read-blog/98214

Write Comment
Return to News
  Displaying 1 through 25 of 338
Last | Next
  The time now is 11:33:21 PM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *