Re: [ba-unrev-talk] Microsoft and Security
On Sat, 10 May 2003, Jack Park wrote: (01)
> "A serious security flaw in Microsoft's Passport service put more than just
> its 200 million customers' accounts at risk of being hijacked--it also gave (02)
gee (03)
> To me, it's an important, maybe tragic statement about humanity that the
> one company that many people, even people in the US government, like to
> mention in the context of sloppy software security systems, that company
> has managed to hook 200 million people -- nearly every adult in the United
> States! into their Passport system. (04)
one context where that service has been coming up lately is the on-line
game Asheron's Call, http://www.microsoft.com/games/zone/asheronscall/
that seemed to be using Passport for registering the players. actually
that's the only context where anyone i know has been actively using
Passport, except from Hotmail perhaps (supposing it uses Passport too).
of course, it's not nice for e.g. gamers if their role playing characters
are misused, but i guess that's the least threatning scenario in this.. (05)
based on Microsoft's reputation, it seems that many users don't give any
valid personal information to them. e.g. for Hotmail, even before
Microsoft bought it, most of the accounts were kind of fake accounts
(containing no actual personal information) and probably many still are.
but still compromising the access there is very serious -- although not
probably the worst place. (06)
personally i've declined from giving any correct data even when
registering their software (the university where i work has MS Office
licenses, and I've sometimes tried that out even though don't really use
it for any work) -- guess giving false information there violates their
infamous EULA (End User License something), but aren't those not legal
anyhow? (at least here in Finland/Europe?). (07)
this kind of news seems to justify such behaviour. (08)
> Go figure... (09)
.. (010)
~Toni (011)