|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
08:31 EST/13:31 GMT | News Source:
ActiveWin.com |
Posted By: Robert Stein |
A new opportunity for the software industry, Microsoft .NET My Services (formerly code-named "HailStorm") is a family of XML Web services that builds upon the proven Microsoft .NET Passport and Microsoft .NET Alerts services. This new application paradigm helps businesses deepen customer relationships and improve operational efficiency.
|
|
#1 By
135 (209.180.28.6)
at
11/12/2001 10:21:29 AM
|
They're working now with MSN Messager
|
#2 By
2332 (129.21.145.80)
at
11/12/2001 11:09:21 AM
|
#1 - Since they've been using them to support 50+ million users for about a year. That's when.
#3 - You are correct, the security hole is a serious one. It's not just a technical, but a design flaw. I believe by "proven" they were talking about functionality and scalability. But that's just my interpretation.
|
#3 By
1845 (65.0.207.79)
at
11/12/2001 1:45:19 PM
|
It seems to me that a few weeks ago, the number being quoted was around 150 million passport users. Did that number just shrink? or do I misremember the previous number?
|
#4 By
135 (209.180.28.6)
at
11/12/2001 2:14:08 PM
|
I guess I'm curious #8.
Would you rather create a new userid/password combination for every website you visit?
What exactly is wrong about Passport that is greatly improved by the alternatives? I cannot see anything to justify your complaint.
|
#5 By
1845 (65.0.207.79)
at
11/12/2001 3:16:38 PM
|
#12 Don't want to offend you. I'm in favor of you doing what you want to do with your own personal information. Here's an idea with respect to Passport. If you don't want to use the same ID for all Microsoft sites, and you don't mind having multiple usernames/passwords, just create multiple passports for each Microsoft site you use.
Personally, I don't care if my hotmail account is spammed. I use passport for hotmail, msdn subscriber downloads, and some .NET alert stuff. I don' t think I really care if Microsoft can find a way to make money off of the combonation of who I IM regularly and what I download from MSDN. If they asked, I'd say flat out that I'm a developer, so it's not like there is a privacy violation in the works. As far as storing financial info, I keep that to myself. If Microsoft analyzed server logs between all of their sites, they would be able to get the same info about me that they can get with passport. That's the danger of static IP address with Tx, cable, or dsl.
|
#6 By
2332 (129.21.145.80)
at
11/12/2001 5:11:53 PM
|
#15 - Multiple accounts = good security? Huh? How so?
To extent, I suppose the larger number of different passwords you use, the less chance and single compromise can screw you.
On the other hand, which is deserving of more trust? Countless small companies, all with your info. Or Microsoft, a massive company that has a LOT MORE to lose than each of those individual companies, and many more resources available to protect you?
|
#7 By
135 (209.180.28.6)
at
11/12/2001 5:34:13 PM
|
#12. What personal info?
I use Passport extensively for Messenger and the Microsoft MSDN support stuff. Yet I go out and look at passport.com and I don't see any personal information tied to my account.
Hmm, wait... Ok you got me! I just checked and my zip code is entered.
|
#8 By
1845 (65.0.207.79)
at
11/12/2001 6:47:13 PM
|
#15 no it isn't silly, and no i'm not a fan of span. I said I don't care if my hotmail account is spammed, because I don't use my hotmail account for email. When you can buy a domain for $35/yr or less, why would you use hotmail? Considering the sites #12 is referring to, why does he care if his passport is stolen or not. Um, oh no, someone might find out from carpoint that I drive a Nissan Maxima. Someone might find out that I (I being someone other than the first instance of I) wanted to take a trip to Tampa, Florida. Then someone might find out that I (another I than the other two) downloaded WindowsXP pro and Visual Studio.NET RC from MSDN. Gosh, even if someone knew that I was all three of those people, it still wouldn't matter to me.
As for the Keychain. This sound just like autocomplete which has been available since IE 5. If I want to store usernames/passwords locally, IE already does it for me (if I want).
|
#9 By
1845 (65.0.207.79)
at
11/12/2001 7:16:20 PM
|
#12 and #8 are the same person. #8 said that he went to MS sites (who else really uses passport now anyway).
My example of sites containing insignificant data is very valid, because these are the types of sites #8 was talking about.
Didn't mean to offend with my keychain comment. My comment was based on what #15 said about the app. Before reading his post, I'd never heard of it. Anyway, I would assume it's sole purpose isn't security but rather convenience. If you wanted to secure your usernames and passwords, you probably wouln't reveal them to anyone who didn't need to know them whether it be keychain or autocomplete or gator or anything.
|
#10 By
1845 (65.0.207.79)
at
11/12/2001 7:18:20 PM
|
Oh, redarding hotmail accounts. I had an account that I used for email. I'm older now and have several domains as well as school and work email accounts. For the most part I only use my hotmail account as my passport id but not for email. I don't switch ID's, cause my friends have that as my id for messenger.
|
#11 By
2332 (129.21.145.80)
at
11/12/2001 7:37:51 PM
|
OK. Good point guys. Passport IS much more likely to be the target of hackers, which does concern me.
As a developer, however, I know that software CAN be written to be 100% secure. Is it often? No. The more complex software gets the less secure (or, rather, bug free) it becomes.
Microsoft isn't known for its code "quality," but recently Microsoft has been enforcing company wide coding practices that greatly increase reliability. I have several friends who work at Microsoft, and every piece of code that's been written there during the past few months has come under extreme scrutiny.
Does the ensure anything? Of course not. But I think passport could be a really cool thing, and I'm hoping it succeeds.
AT ANY RATE, the .NET My Services are a lot more than just Passport. I'm already using and developing apps based on them, and its cool stuff.
|
#12 By
1845 (65.0.207.79)
at
11/12/2001 8:17:37 PM
|
I do use passport, I just don't use it for to store secure data. The idea of passport as a single signon is what I use it for - one ID for MSDN, MSN, Hotmail, Messenger, Carpoint, Expedia. One reason I like passport is that I can use it remotely. I use many different computers and quite like the fact that I don't have to remember many usernames/passwords. As far as passport being part of .NET My services, I use .NET alerts to receive important messages on my cell phone.
My point with passport is that if you are afraid of it being hacked, then don't use it to store secure financial or personal data. In my opinion MSDN, what weather info I want to see on MSN, and what stocks I'm tracking don't constitute important info. If someone finds out, I really don't care. My recommendation to have multiple passports was for #8's benefit only. I don't see why he complains about Microsoft using passport on its own site. I don't see that there is any important information to be exposed if someone hacks his passport which he uses to get to certain Microsoft sites.
Now, as far as using passport as Microsoft is positioning it for the future - the authentication mechanism for medical records, banking records, eCommerce, etc. I haven't decided how I feel about using Passport for those purposes. I do, however, think that the world is moving that way - Sun, Oracle, and AOL all are producing competing technologies to Passport. One way or another, single sign on will become more and more popular.
|
#13 By
1845 (65.0.207.79)
at
11/12/2001 9:14:53 PM
|
I was responding to a post, to a comment, not to the ideal of passport. That isn't circular reasoning. The fact that Messenger logs me into hotmail constitues my use of Hotmail (just fyi). I don't say or think that it is highly likely that Passport will be hacked. I simply stated that if it were, the only data about me that could be obtained, Microsoft could already obtain if it read its server logs and searched for the IP addresses I use.
When you talk about data, what are you referring to? Since I only use passport on Microsoft sites, CURRENTLY, they have all of my data anyway. Like I said, I'm not sure about how I feel about using passport for other things. But for now, it is a rather innocuous technology to me.
|
#14 By
135 (208.50.201.48)
at
11/12/2001 9:37:03 PM
|
I'm sorry, but I'm going to repeat my statements more clearly. Apparently the sarcastic phrasing of my questioning was not well understood.
I use Passport extensively. For MSN instant messenger, for MSDN, for Carpoint, several other Microsoft sites. I'd even use it for slashdot.org, activewin.com if they offered it. I think ebay was going to use it, but I haven't checked that out.
These are all sites that I either use cookies for, or have to enter my username/password in every time to identify myself. How is Passport authentication to these sites different from the current way I have to manage my username/password which means I have a different one for each site and I have to write them all down? Someone get's on my computer, they've got it nailed, whereas with Passport I only have to memorize the one password and never store it anywhere.
Anyway, that's a pretty silly argument to make against Passport.
Now on to the question of personal info. Again, what personal info?
I have decided that I really don't need or want Passport to store my personal info. So I have not entered any, with the exception of my zip code. I've also unchecked all the boxes which state "Share such and such info with Passport sites", again because I don't really need that functionality.
I am a *HUGE* proponent of being required to enter my credit card information in each and every time I make a purchase. I don't think e-commerce sites should ever store that information, in fact once the purchase is cleared it should be wiped out of the system.
Yet I can count on the fingers of one hand the sites that actually perform that way. Most of them, like Amazon, want to remember your personal information as a convenience to you. So next time you can do one-click shopping. Actually I believe with the example of amazon you have to explicitly sign up for that, but many do not make that distinction.
So, let me go through the arguments:
- Single sign-on is bad -> No proof of this argument, and actually quite the contrary from my perspective with the number of username/password combos I have written down. (We are talking at least 75)
- Passport allows people to steal personal info -> Again no proof of this argument because Passport never demands you input personal info.
So when I say your argument is silly, I hope next time you can better understand my position.
BTW, your argument is silly. It will continue to be silly until you can prove to me that all of my personal information is stored in Passport.
Here's an idea. How about I go ahead and create a dummy Passport account, give you the name and password and you go ahead and tell me about all my personal information?
|
#15 By
1845 (65.0.207.79)
at
11/12/2001 11:37:55 PM
|
Thank you #31, that was the point I was trying to make.
#30 What you said makes total sense to me. In fact I'll bet our passport profiles look pretty similar - only the bare minimum of info to use a particular service, volunteering nothing to be given to third parties. As far as eCommerce sites and credit card numbers, well, I don't think that it really matters whether you have the site store your numbers or not. Why? Because I suspect that whether you say you want to or not, there is a transaction log which contains your numbers. Anyone who wanted my credit card numbers - from the guy copying it from the receipt at the gas station, to the dishonest web master snagging it from his database, to the hacker who hacks the database - could get them if they really wanted them.
#29 OK, I see your point, so let me explain how I think. I usually take things on a case by case basis. For instance, I use a cell phone in all the cases where it makes sense to use a cell phone. As soon as it doesn't make sense, I'll make a call some other way - Internet telephony, landline phone etc. If AT&T said that I should use my phone 24/7, I wouldn't say NO! I won't use it at all, rather I'd say, I'll use it when it makes sense to me.
I use Passport when it makes sense to me. I defend the use of passport for the areas where it makes sense to me. Although Microsoft may say in press releases or SDKs or keynote speaches that it should be used everywhere, I can still choose to only use it where it makes sense to me. Because I only use Passport where it makes sense to me doesn't mean I completely support or completely do not support it. It means I, as a consumer, have a choice to the parts of it that I like. Now, if Microsoft said, if you don't give us valid and current credit card info to put in wallet then you can't use Passport that would be a whole different matter. I'd have to think that over to decide what I thought. For now though, it is convenient for me and it maintains as much privacy as I expect from the Internet.
|
#16 By
135 (208.50.201.48)
at
11/13/2001 12:14:01 AM
|
I guess part of the point is that Microsoft has made every effort to assure Passport accomodates everybody who has complained about it. If you'd only bother to look into what you've been complaining about you'd see that.
|
#17 By
1845 (65.0.207.79)
at
11/13/2001 12:19:21 AM
|
Soda, that was to #29, right?
|
#18 By
135 (209.180.28.6)
at
11/13/2001 10:32:28 AM
|
I think so. It was more of a general comment.
I want to add also that in general complaints are a needed part of the feedback system. Microsoft does listen to customers and does greatly accomodate people's privacy and questions of security into their products. Actually I don't believe I can think of a better example of a company more concerned with personal privacy than Microsoft.
So complaints are good... They provide valuable feedback.
But when the issues have been addressed, the policies put in place... and people are still complaining about the same things.
Then they become silly.
Such is the case with the Passport complaints. They became silly about 6 months ago.
|
#19 By
1845 (207.173.73.201)
at
11/13/2001 1:57:28 PM
|
I think that the fall of one Microsoft product or other is of the most prophesied events - Windows in general vs Apple, Windows vs Java, SQL Server vs Exchange, XBox vs PS2, .NET vs Java, Passport vs MagicCarpet. I can't believe I'm agreeing with Larry Ellison, but I suspect that there will be a goodly number of users on each of the single signon systems. I doubt that Microsoft will be failing any time soon.
|
#20 By
135 (209.180.28.6)
at
11/13/2001 2:31:09 PM
|
#36. Well you know, after the satellites are launched and the robots take over the earth... will your internet privacy really matter?
I can't quite decide. Will the future look like Terminator or the Matrix?
|
#21 By
1845 (207.173.73.201)
at
11/13/2001 4:53:47 PM
|
Perhaps tech savvy people care about security, but I'm not so sure the general public is informed enough to have the security worries which you have. For example, Mellisa was the first (that I know of) to target Outlook and Outlook Express back in early 2001. I'll bet that with new releases of Outlook (XP) and OE (5, 5.5, and 6) since that time the very same users who didn't really care about Mellissa continued to upgrade and use the same targetted email clients. I suspect such users will use Passport if it is presented to them, despite what many will say about security.
To compare, it would be interesting to take some large eCommerce sites (other obvious targets) like Amazon, Barnes and Noble and see how many people store their credit card info. I'll be a good portion of them do. PR certainly is important, but a lazy public is also important.
|
#22 By
135 (209.180.28.6)
at
11/13/2001 6:40:33 PM
|
#40. I do hope that those users went and upgraded to the new release of Outlook and Outlook Express... considering they are immune to the vulnerabilities Melissa and others exploited.
But again this goes back to my point... If a vendor listens to complaints and fixes issue, why continue to berate them on the same issue?
|
#23 By
1845 (65.0.207.79)
at
11/13/2001 11:47:23 PM
|
Quite true, soda. My point was that, the average user wouldn't care whether or not there were security fixes or not. They would upgrade with a new OS, or good TV commercial, or because the saw nice display in the store, not because the product become so much more secure.
|
|
|
|
|