Saturday, May 10, 2003

M$: $2 Trillion fine for Microsoft?

As per The Register, Microsoft's latest security lapse with its Passport information service could trigger a $2.2 trillion fine on the company courtesy of the US government.
Microsoft product manager Adam Sohn's comment to the security flaw in the password reset tool of its Passport service which could compromise the information stored on all 200 million users: "You live and learn". Is M$ really serious about security?

The flaw could have been found by anyone who tried to crack Passport seriously. From The Register:
The flaw was discovered close to four minutes after security researcher Muhammad Faisal Rauf Danka set to work on Passport. He was able to access Passport accounts at will by typing "emailpwdreset" into a URL that has the e-mail address of a user account and the address where a reset message can be sent.

No comments: