| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Stealing MS Passport's Wallet | |
|
||
| Time: 18:32 EST/23:32 GMT | News Source: Wired | Posted By: Byron Hinson | ||
|
To correct serious security flaws, Microsoft on Friday disabled the virtual wallet function of its Passport service and has begun notifying partners about the vulnerabilities, the company has confirmed. The bugs in Passport, a sign-on service used by more than 165 million people, were discovered this week by Marc Slemko, a software developer who lives near Microsoft's Redmond, Washington, headquarters. Slemko is a founding member of the Apache Software Foundation. By cobbling together a handful of browser-based bugs with flaws in Passport's authentication system, Slemko developed a technique to steal a person's Microsoft Passport, credit card numbers -- and all, simply by getting the victim to open a Hotmail message. The attack raises new questions about the inherent security of Passport, which is being positioned by Microsoft as the lynch pin of its .NET e-commerce service initiative. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 166 Last | Next |
The time now is
3:51:04 AM
ET.
Any comment problems? E-mail us |
| #1 By 135 (208.50.201.48) at 11/2/2001 7:00:55 PM |
|
Don't know, really don't care. I'm more concerned with web sites storing my credit card information in a database. There's some 300 or so sites exploited each year which have had this information held for ransom.
Unfortunately some people tend to ignore real risks and focus on imaginary ones. |
| #2 By 1845 (65.0.207.79) at 11/2/2001 7:56:45 PM |
| Calm down 206.216.3.134. Let's be civil in our posts. |
| #3 By 116 (66.68.170.138) at 11/2/2001 10:24:38 PM |
|
If its so horribly insecure then why do I feel safe in storing my information there? Go ahead break into my passport account. I sent one email message to myself on Hotmail that uses passport. Tell me what it is...
theredavenger@hotmail.com If you can't then eat your words. |
| #4 By 116 (66.68.170.138) at 11/3/2001 2:08:24 AM |
| That guy must be a noofie... |
| #5 By 2332 (129.21.145.80) at 11/3/2001 3:03:44 AM |
|
People who live in glass houses shouldn't throw stones. Good words to live by.
BSD, which many people consider to be one of the most secure Unix distributions (in it's various flavors, although OpenBSD isn't affected) had a MAJOR root exploit that could be done remotely. Was this mentioned on Slashdot or any major news sites? No. The point is that no system is ever 100% secure, and people enjoy picking on Microsoft because they are number one, and are therefore the most visible target. Does this diminish the seriousness of the security hole? No, of course not. Microsoft needs to fix this, and they need to address the obvious problems with some of their filtering technology, just as the article mentions. What I object to is all these Linux/Unix zealots (especially open source advocates) saying this proves Microsoft builds crappy software. It doesn't. The BSD hole had been there since day 1, which, depending on the flavor, is up to 25 years. 25 years with a major security flaw, in a completely open source environment, and nobody found it. Less than a year for Passport (in its current form), and this turns up. This doesn't show Microsoft makes worse software, it shows it's under much more scrutiny. |
| #6 By 2332 (129.21.145.80) at 11/3/2001 3:05:50 AM |
|
Oh, and by the way, the current passport framework, much as #26 said, has little to do with .NET. It's not really even a .NET service in it's current form, and the security risk has nothing to do with .NET, and everything to do with poor implementation and security strategies.
So for those of you thinking this proves .NET will fail because of security risks, educate yourself. A good place to start is www.gotdotnet.com. |
| #7 By 135 (208.50.201.48) at 11/3/2001 11:00:51 AM |
|
So #6 attacked me, eh?
So let me repeat. Your CC# is stored within the databases of every company you have ever bought anything from on the internet. Haven't visited the site for two years? Don't worry, they still have your CC# on file. I just think it's swell that you trust 1000's of random companies on the internet, but don't trust Passport. Like I said, ignoring the real risks focus on the imaginary. Like I said I don't care. Two things here. I don't use Hotmail.com. I also don't use the Passport wallet service. I buy all my stuff online using American Express Private Payments. This protects me from the 1000's of random idiots out on the internet that you trust blindly. |
| #8 By 1845 (65.0.207.79) at 11/3/2001 12:49:49 PM |
| I think you maybe on to something gt. |
| #9 By 135 (208.50.201.48) at 11/3/2001 1:34:18 PM |
|
A threaded message board would be nice. I'm not as keen on moderation systems.
I just wish the Anonymous Cowards would be willing to take credit for their statements and use a logon name. Then I would be able to realize that #6 is the same idiot who posted some comment in the thread yesterday, and dutifully ignore him as a troll. :) |
| #10 By 116 (66.68.170.138) at 11/3/2001 4:31:45 PM |
| I don't think I like threads . . . Maybe a I am in the minority here though. I like that each post carries as much weight as another. Modding systems are bad I think. I think everyone has a right to speak. Even if they are stupid. . . |
| #11 By 1845 (65.0.207.79) at 11/3/2001 7:13:08 PM |
|
We could use a system similar to the one on betanews. Hopefully we won't attract, though, the trolls that hang out there.
Speaking of trolling...What is the purpose of a comments section? I was attracted to ActiveWin as a resource for news relating to Microsoft. I'd like to see it as more of a newsgroup - learn more about Microsoft by asking questions and discussing issues - than a "I'm right and you're wrong, you're a loser @#$&ing flamer" message board. No matter which side of the industry we cling to (Windos vs Linux, Netscape vs IE, free market vs government regulation) this should be a place to discuss opinions, not attack those who have different opinions. Just my opinion... |
| #12 By 1845 (65.0.207.79) at 11/3/2001 8:02:02 PM |
| So there is a new system in the works? What are the details and what is the timeframe? |
| #13 By 2332 (129.21.145.80) at 11/3/2001 8:31:25 PM |
|
I got an account specifically so I COULD take credit for my comments. I'm more than willing to argue my points and defend my ideas.
Any of my previous posts on this board (this year at least) have been under the IP of 129.21.145.80. Feel free to argue. :-) |
| #14 By 135 (208.50.201.48) at 11/3/2001 8:55:45 PM |
|
I like the number of posts counter. My goal is to post more than JaggedFlame. Unfortunately even though I'm probably the second more voracious poster here, I'm *WAY* behind!
:-) |
| #15 By 1845 (65.0.207.79) at 11/3/2001 9:00:52 PM |
| RedAvenger is some serious competition too. |
| #16 By 1845 (65.0.207.79) at 11/3/2001 9:50:04 PM |
| lol, amazing that i don't get tired of reading his posts either. Keep up the competition brothers! |
| #17 By 2 (24.8.223.218) at 11/4/2001 1:34:47 AM |
| Hi. We don't like threads because we don't want a similar situation as Slashdot. Maybe a system where replies to a comment appear as different colors under the original grey comment, but I don't favor indentable or collapsable threads. We are rewriting our forums in .Net -> due next week with a significant amount of updates. |
| #18 By 135 (208.50.201.48) at 11/4/2001 1:35:55 AM |
|
WOO HOO!
Well boys and girls, I just finished installing Windows XP Pro. This kicks ass. (incrementing my posting total # thing!) :) |
| #19 By 3 (62.253.128.4) at 11/4/2001 7:26:50 AM |
| I'm looking into a much better layout specifically for comments. |
| #20 By 116 (66.68.170.138) at 11/5/2001 1:51:18 AM |
|
Heh, I prefer posting baboon!
I'm gonna catch you Jagged ;) |
|
Write Comment
Return to News |
Displaying 1 through 25 of 166 Last | Next |
The time now is
3:51:04 AM
ET.
Any comment problems? E-mail us |
