Microsoft acknowledged a security flaw in its popular Internet Passport service that left 200 million consumer accounts vulnerable to hackers and thieves -- an admission that could expose the company to a hefty fine from U.S. regulators.
Microsoft said it fixed the problem early Thursday after a Pakistani computer researcher disclosed details of it on the Internet. Product Manager Adam Sohn said the company locked out all accounts it believed had been altered using the flaw. He declined to say how many people were affected but said it was a small number.
Several security experts said they had successfully tested the procedure overnight. Sohn said the flaw had apparently existed since at least September 2002, but Microsoft investigators have found no evidence anyone tried to use the technique to seize a Passport account before last month.
Passport promises consumers a single, convenient method for identifying themselves across different Web sites and encourages purchases online of movies, music, travel and banking services.
Closely tied to Microsoft's flagship Windows XP software, Passport also controls access for Windows users to the free Hotmail service and instant-messaging accounts.
The incident was yet another embarrassing lapse for Microsoft and could result in sanctions by the Federal Trade Commission and even a staggering fine. The episode occurs in the midst of Microsoft's "trustworthy computing initiative" to improve security for all its software products and services.
Article continues... CNN
Posted on Friday, 09 May 2003 @ 11:00:34 UTC by cj (960 reads) [ Trackback ]
