A huge security flaw in Microsoft’s Passport system was disclosed late on May 7th and has apparently already been fixed by Microsoft. The flaw allowed an attacker to change a passport account’s password by typing in a simple URL into his browser. I just tried the exploit on my own passport account and I didn’t receive a password change email from the server, so it’s probably fixed. Scary though. In any language, Microsoft does not equal security. I guess that could be written as Microsoft <> security, or Microsoft != security, or Microsoft == insecurity, etc. Sorry, I am in the middle of a programming course right now so please excuse the geek out on alternative logical operator syntax. |
1 Comment »
RSS feed for comments on this post.
Another Microsoft security flaw….so? What else is new?
#1 by Meerenai — May 8, 2003 @ 3:50 am