Microsoft Passport Exploit
By Eric Mattes 09 May 2003
I just found out about this today. An unthinkably simple exploit allows anybody to change anybody else’s password to whatever they want. Microsoft found out about the problem after somebody posted it to a public message board. The FTC is considering a ridiculously large fine to punish Microsoft. See article here:
<p><a href="http://theregister.co.uk/content/6/30620.html">http://theregister.co.uk/content/6/30620.html</a></p>
<p><br />
Detailed report here:</p>
<p><a href="http://securitytracker.com/alerts/2003/May/1006728.html">http://securitytracker.com/alerts/2003/May/1006728.html</a><br />
This brings to mind the issue… MS seems to be suffering from their own popularity. I’ve heard the excuse “nobody ever got fired for choosing microsoft.” It’s true, and I think this is why they can never be dethroned. Unfortunately there are legions of hackers who have devoted themselves to exploiting flaws in MS products and punishing those who use them. So… they will always be number 1 despite the fact that they are notoriously flawed. Obviously there are flaws in competitor’s software, but nobody is trying to write viruses for those programs! It’s sad that so many people depend on MS software.<br />
MS should really hire a team of hackers to hack their software before it is released or else they will never see the end of stuff like this.<br />
Tags: microsoft