| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
$2 trillion fine for Microsoft security snafu? | |
|
||
| Time: 00:00 EST/05:00 GMT | News Source: The Register | Posted By: Todd Richardson | ||
|
Microsoft's latest security lapse with its Passport information service could trigger a $2.2 trillion fine on the company courtesy of the US government.
Microsoft on Thursday admitted that a flaw in the password reset tool of its Passport service could compromise the information stored on all 200 million users. It scampered to post a fix and is looking into potential exploits, but the damage to Microsoft may already have been done.
The Federal Trade Commission last year demanded that Microsoft improve its Passport security or face stiff fines of up to $11,000 per violation. Redmond promised to work harder to protect consumer information and launched it's Trustworthy Computing initiative to put regulators' minds at ease. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
6:45:23 AM
ET.
Any comment problems? E-mail us |
| #1 By 2332 (65.221.182.2) at 5/9/2003 1:30:18 AM |
|
Yawn. Microsoft would have to pay $11,000 only if the "violation" caused damage. To collect on the fine(s), the government would have to show what damage was done and to whom.
Considering the vulnerability was exploitable for only a few hours, it's very unlikely Microsoft would have to pay more than a few hundred thousand at most... but I doubt anybody will prosecute. Have I mentioned recently how much I hate The Register. Well, I do. |
| #2 By 531 (67.38.162.169) at 5/9/2003 1:30:42 AM |
| It isn't journalism. That's what the Register is for. It's crap. That's it. |
| #3 By 12071 (203.185.215.149) at 5/9/2003 3:31:13 AM |
|
This story is going to be jumped on by every anti-MS person. Anyways, the hole should never have been there in the first place but it's good that Microsoft managed to patch it up quickly even though the patch for the moment has been to disable that function.
I highly doubt Microsoft is going to be fined anything, just to be cynical about it, they haven't been fined anything so far! =) Meanwhile, not that I'm defending The Register, but why take a stab at them for reporting this? Because it's negative and about Microsoft? Even if The Register's only mission is to write stories about Microsoft, who cares, in this case they are reporting the facts. #6 "how many articles like this do you see directed towards Amazon when they create consumer confusion my putting the wrong prices?? or when they have a security hole??? " You have to admit that consumer confusion is a LITTLE BIT different to a security hold in Passport, after all if I have you password I can access everything you used to access. But you're right there are far more stories about Microsoft than there are about Amazon or Redhat, but if there's a serious hole in either of those then I want people to know about it rather than people complaining that it's unfair to show up a company in negative light. "i don't see a single article whose subject says "hey there was a hole but good job to MS for correcting it so fast" no they all immediately attack the negative." The subject may not say it because it's much more sensationalistic(sp?) to have a "Microsoft fined 2.2 trillion" or "Microsoft hacked into (again)" story, but if you read it you'll find out that they did patch it quickly. But that doesn't change the fact that the hole was there in the first place, that it could have been exploited not only in the time it took MS to patch it but before then (if someone else knew about it). "the hole shouldn't have been there in the first place?? well if i agree with that i might as well say that with EVERY single last security hole ever" Fine, just agree that the hole shouldn't have been there. As Sohn said "We didn't validate the input. We allowed somebody external to do something only the system itself should be doing." |
| #4 By 135 (209.180.28.6) at 5/9/2003 10:51:02 AM |
|
To those who are questionably defending the Register...
The issue is not whether the news is bad or not. The issue is the extreme bias represented by the way the news is reported as evidenced by the misquote of Mr. Sohn. It's like the Inquirer articles referring to the company as The Vole. |
| #5 By 8589 (65.64.202.68) at 5/9/2003 12:55:24 PM |
|
Todd Richardson and all who print stories on this Website,
Please stop getting news from the Register. It is not news, and this website is better than that. Thank you |
| #6 By 1845 (12.209.152.69) at 5/9/2003 1:25:01 PM |
|
EWW,
This web site is better than that? I don't know where you've been. Quite often this site is a pig rolling the mire of low quality, sensational articles - Byron's editorial yesterday, Mr. Dvorak earlier this week, the Req/Inq almost any time. More than half the news on this site is either offtopic (since when is "my great iMac" or "why I love open source" news on a Windows site?) or rediculously poor journalism. ActiveWin is beginning to remind me of the National Inquirer. |
| #7 By 665 (64.126.91.172) at 5/9/2003 1:33:11 PM |
|
Bob, whats up? Seems like lately you can't do anything but belittle the site. You used to be the leader of the cheerleading squad.
EWWHWW, I don't have to justify why I posted it, but this is the first Register article this site has posted in a good time. |
| #8 By 3339 (66.219.95.6) at 5/9/2003 4:11:05 PM |
|
becker, too bad the implications of this security threat are covered by a binding agreement with the FTC to prevent minor security flaws. It's not a question of whether or not there is a law preventing faulty software.
MS agreed to do everything in its power to prevent holes. Their own security people are saying this is a pathetic and easy hole that should have been caught. The guy who had discovered it had been violated so he began investigating. He found the flaw in ten minutes. I repeat: TEN MINUTES. The fact that one guy found the problem in ten minutes tells me that MS isn't doing all that much to review their code, improve security, and prevent future flaws. Also, he contacted MS directly. Sent over ten emails with no response. A response was only forthcoming once details were posted online. Moreover, MS introduced this flaw as a backdoor around the flaw which originally got the FTC involved. It aided their patching of that existing flaw, but they apparently didn't give two sh!ts of concern about whether or not they were introducing new flaws. Finally, and I am not sure of this--but I believe the agreement is for any security hole violation that exists. i.e. if they determine that such a major but simple flaw is a violation of the agreement, every product affected counts as a violation. I do not believe it is necessarily a matter of whether or not each user was exploited. As I said, I am unsure and am attempting to review the agreement to come to some interpretation of that question. However, don't take it for granted that only exploited users count as a violation. This post was edited by sodajerk on Friday, May 09, 2003 at 16:47. |
| #9 By 3653 (209.149.57.116) at 5/9/2003 6:32:38 PM |
|
EWW/sphbecker... wasting your time. I pushed that agenda many months ago. But AW likes those clicks. They mean a few extra bucks per month to them.
As I offered MONTHS ago... I would gladly pay a reasonable monthly fee for a REAL Windows NEWS site. Oh, and regarding the passport flaw... the news scared users so badly, that a grand total of 2 of them chose to close their hotmail accounts. But earlier today, 1 of the defectors signed back up for the F-R-E-E service. |
| #10 By 665 (64.126.91.172) at 5/9/2003 6:53:42 PM |
|
mooresa56,
You are right, these headlines do get a lot of click throughs. I question your logic about us getting more money from them though. If people click on a link and go to a different site...how do we get money? I'm not trying to act as if our posting these stories is a public service, but it doesn't get us more money. And one note to all of you complaining about the Reg: A nicely worded, personal email to the news staff is going to go A LOT further at getting us to not post these stories than flaming the comments with appeals. And when was the last time we posted a Reg story? I know I haven't posted anything from them in months.... |
| #11 By 1845 (12.209.152.69) at 5/9/2003 11:29:31 PM |
|
The last Register story (actually two of them) was on Monday. I should know, since I sent the links to the staff member, who posted them. Yeah, yeah, I know, they were the only two Reg articles I've ever read which didn't drip with bad journalism.
Clicks. If I understand correctly, a site that generates revenue based on usage, needs usage to generate revenue. If posting paultry articles like Byron's editorial (I'm glad at least that part 2 didn't get posted), Ms. Foley, Mr. Dvorak, etc. generates great conversation at the foolishness of the article and the author, then the site has generated more traffic for itself irrespective of the click thrus to read the article. That is, I think, what mooresa meant. Me and the cheerleading squad. I don't recall ever jumping up and down with cheers for AWs news, site design, or performance. I do recall over a period of many months stating my opinions in my news posts, emails to staff, and IMs to staff. Perhaps I wasn't polite enough for the staff, or perhaps the staff disagreed with me,, or perhaps the staff was unable to enact the changes I requested. The bottome line is that I was never an AW fan boy. Nothing has changed recently to cause me to react in the manner that I have. I've had the same complaints for more than a year. Todd, I happen to think you're a swell guy, so please don't take this personally. If you've seen me in action as a beta tester, you know that I'm extremely critical. My goal is to improve the thing I'm criticizing. If my suggestions aren't heeded, eventually, I move on. I suspect others have similar opinions. |
| #12 By 665 (64.126.91.172) at 5/9/2003 11:47:21 PM |
|
BobSmith: Ok, perhaps it has only been a week, but I know I have not posted any Reg stories in months.
I just think this whole thing is dumb. If you really didn't like Byron's article, fine...move on to the next story. If you don't like Reg stories...move on. Sometimes we post nearly 50 headlines a day for all of our sites. Does just the source of one article deserve all this banter? I still don't understand your motives BobSmith...you even worked at the site before taking a sudden hiatus. But, that really isn't any of my business (and I don't care to make it mine). I think you are a good guy too, BobSmith, I just think this is way too much over a few things which ultimately don't really matter. |
| #13 By 3653 (209.149.57.116) at 5/10/2003 12:44:08 AM |
|
Todd... I meant you get a few extra page views... hence a little extra money from the banner ads. Do you all only get $ for click-thrus? Nothing for banner VIEWS?
I dont think we are being overly critical. It just seems like theres so much more actual REAL news out there. I'm like BobSmith... critical because I want this site to be even better. But even with the Rag articles... I still appreciate the site. Hey, why else do I come here 5 times a day. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
6:45:23 AM
ET.
Any comment problems? E-mail us |
