A huge security flaw in Microsoft’s Passport system was disclosed late on May 7th and has apparently already been fixed by Microsoft. The flaw allowed an attacker to change a passport account’s password by typing in a simple URL into his browser. I just tried the exploit on my own passport account and I didn’t receive a password change email from the server, so it’s probably fixed. Scary though.

In any language, Microsoft does not equal security. I guess that could be written as Microsoft <> security, or Microsoft != security, or Microsoft == insecurity, etc. Sorry, I am in the middle of a programming course right now so please excuse the geek out on alternative logical operator syntax.

1 Comment »

  1. Another Microsoft security flaw….so? What else is new?

    #1 by Meerenai — May 8, 2003 @ 3:50 am

RSS feed for comments on this post.

Leave a comment

If you Connect with Facebook your email address will not be published.

Enter the anti-spam code displayed above (required)