Microsoft admits major flaw in Passport system.
November 3, 2001 7:59 PM Subscribe
I am utterly surprised and shocked.
posted by panopticon at 9:12 PM on November 3, 2001
posted by panopticon at 9:12 PM on November 3, 2001
So don't use it. Use another email provider, or another OS (Mac, Linux). At least MS acknowleged the problem this time, unlike their usual policy.
While I don't dispute they make some buggy product, I guarantee if Apple or another vendor had been as successful in the OS market they'd have a ton of hackers gunning at their software as well to find holes like MS does.
posted by owillis at 9:22 PM on November 3, 2001
While I don't dispute they make some buggy product, I guarantee if Apple or another vendor had been as successful in the OS market they'd have a ton of hackers gunning at their software as well to find holes like MS does.
posted by owillis at 9:22 PM on November 3, 2001
machaus...say, you don't happen to work for the DoJ anti-trust division, do you...? :-)
posted by davidmsc at 9:25 PM on November 3, 2001
posted by davidmsc at 9:25 PM on November 3, 2001
What! Not a major bug? Consider, for a moment, the idea that someone could get your credit card information by having you read a message in Hotmail...How can you NOT classify this as a major bug?
posted by bradlauster at 9:29 PM on November 3, 2001
posted by bradlauster at 9:29 PM on November 3, 2001
Machaus, it's easy to dislike the way Microsoft behaves, but it's hard to understand an actual hatred of the guy that started and headed up the company. Personally, I believe that the man is not the company, so I found it interesting that you focus on Gates.
Overall I think Apple is a better corporate citizen than Microsoft, but I shudder to think of Steve Jobs running the show were they to trade places in terms of market share. Gates at least shows a human side in the hundreds of millions he's given away to charities. All I've ever known Jobs to give back to the world is himself. Maybe you can inform me otherwise.
posted by holycola at 10:41 PM on November 3, 2001
Overall I think Apple is a better corporate citizen than Microsoft, but I shudder to think of Steve Jobs running the show were they to trade places in terms of market share. Gates at least shows a human side in the hundreds of millions he's given away to charities. All I've ever known Jobs to give back to the world is himself. Maybe you can inform me otherwise.
posted by holycola at 10:41 PM on November 3, 2001
Den Beste: the only reason it had such a short window was because the author of the exploit revealed it to MS before he revealed it to the world. You can rest assured that there are other exploits, and that the people who discover those will not always be so cooperative or well intentioned. That the author described the hack as taking 'about half an hour to figure out' (in a discussion with Wired) is very, very discouraging. What's worse is that because the DOJ rolled over we won't have any choice of anything other than Passport soon enough.
posted by louie at 10:55 PM on November 3, 2001
posted by louie at 10:55 PM on November 3, 2001
Agreed holycola - once I learned about his very quiet, very impressive philanthropy, my respect for Bill Gates jumped enormously. I love Apple and use a Mac but Bill Gates has done a lot of good in the real, non-computer world too.
posted by josh at 11:03 PM on November 3, 2001
posted by josh at 11:03 PM on November 3, 2001
Good point, Holycola. But Steve-o only makes one dollar a year at Apple. He got so rich so early that he apparently hasn't given much thought to building a fortune.
As cynical as it may seem, I still don't think Bill Gates is necessarily a good person. I think he has more money than he can possibly spend and recognizes the excellent PR he can get for giving it away.
His business sense is highly respected, but that's the very reason I don't trust him personally. Would you trust the best used car salesmen in a 100 mile radius? What about a salesmen who was proven in a court of law to illegally force other businesses into the ground?
Apple is Steve Jobs : Innovative and arrogent to a fault. Microsoft *is* Bill Gates : Ruthless and successful.
posted by jragon at 11:12 PM on November 3, 2001
As cynical as it may seem, I still don't think Bill Gates is necessarily a good person. I think he has more money than he can possibly spend and recognizes the excellent PR he can get for giving it away.
His business sense is highly respected, but that's the very reason I don't trust him personally. Would you trust the best used car salesmen in a 100 mile radius? What about a salesmen who was proven in a court of law to illegally force other businesses into the ground?
Apple is Steve Jobs : Innovative and arrogent to a fault. Microsoft *is* Bill Gates : Ruthless and successful.
posted by jragon at 11:12 PM on November 3, 2001
Hackers will target MS because it is a big and prominent target, true. And if Apple were on top, they'd be targeted.
That's not the issue.
The issue is that many knowledgeable people in the security field have said that having a centralized log-in to many personal services is just a bad idea, because it creates a single point of failure. That's what Passport (and its use in .NET) make you vulnerable to: one bug there, and your credit cards, email, and whatever future services they add (scheduling, file storage, etc) could be in hacker's hands.
MS, of course, continually dismisses these concerns. The last time there was an incident with Hotmail, they gave the same "The hole has been closed, and we're taking further measures to 'beef up' security." spiel we're seeing now.
I don't have anything inherently against MS. I like lots of their software, though I wish it weren't as buggy. But I won't be giving them my credit card details any time soon, nor will I use Passport for anything important. If they want .NET to happen they need to stop spinning and start getting serious about security.
posted by cps at 11:13 PM on November 3, 2001
That's not the issue.
The issue is that many knowledgeable people in the security field have said that having a centralized log-in to many personal services is just a bad idea, because it creates a single point of failure. That's what Passport (and its use in .NET) make you vulnerable to: one bug there, and your credit cards, email, and whatever future services they add (scheduling, file storage, etc) could be in hacker's hands.
MS, of course, continually dismisses these concerns. The last time there was an incident with Hotmail, they gave the same "The hole has been closed, and we're taking further measures to 'beef up' security." spiel we're seeing now.
I don't have anything inherently against MS. I like lots of their software, though I wish it weren't as buggy. But I won't be giving them my credit card details any time soon, nor will I use Passport for anything important. If they want .NET to happen they need to stop spinning and start getting serious about security.
posted by cps at 11:13 PM on November 3, 2001
It's possible to know that Bill Gates is a decent and kind human being and still (somewhat comically and exaggeratedly) hate his presence, actions, and influence in the computer industry. I lean toward rational dislike combined with pragmatic acceptance, personally, but then I'm a wishy-washy centrist on the toilet-paper-up-or-down issue, as well.
And while I think they make a decent operating system and office products suite and are very successful at marketing it, I'm more than a little disturbed at the idea of electronically tying my life up in their proprietary security product. They're much more vigilant than they used to be about security issues, but they still often display a dogged obtuseness about the issue, as if the only reason for providing security fixes would be to protect their market share.
posted by dhartung at 11:18 PM on November 3, 2001
And while I think they make a decent operating system and office products suite and are very successful at marketing it, I'm more than a little disturbed at the idea of electronically tying my life up in their proprietary security product. They're much more vigilant than they used to be about security issues, but they still often display a dogged obtuseness about the issue, as if the only reason for providing security fixes would be to protect their market share.
posted by dhartung at 11:18 PM on November 3, 2001
Good point, Holycola. But Steve-o only makes one dollar a year at Apple. He got so rich so early that he apparently hasn't given much thought to building a fortune.
As cynical as it may seem, I still don't think Bill Gates is necessarily a good person. I think he has more money than he can possibly spend and recognizes the excellent PR he can get for giving it away.
His business sense is highly respected, but that's the very reason I don't trust him personally. Would you trust the best used car salesmen in a 100 mile radius? What about a salesmen who was proven in a court of law to illegally force other businesses into the ground?
Apple is Steve Jobs : Innovative and arrogent to a fault. Microsoft *is* Bill Gates : Ruthless and successful.
posted by jragon at 11:20 PM on November 3, 2001
As cynical as it may seem, I still don't think Bill Gates is necessarily a good person. I think he has more money than he can possibly spend and recognizes the excellent PR he can get for giving it away.
His business sense is highly respected, but that's the very reason I don't trust him personally. Would you trust the best used car salesmen in a 100 mile radius? What about a salesmen who was proven in a court of law to illegally force other businesses into the ground?
Apple is Steve Jobs : Innovative and arrogent to a fault. Microsoft *is* Bill Gates : Ruthless and successful.
posted by jragon at 11:20 PM on November 3, 2001
davidmsc: given Ashcroft's touchy-feely Yay Microsoft settlement, I was unaware that the DoJ still had and antitrust division.
posted by Vetinari at 11:29 AM on November 4, 2001
posted by Vetinari at 11:29 AM on November 4, 2001
« Older Me First and the Gimme Gimmes! | How lyrics work, Newer »
This thread has been archived and is closed to new comments
Let's try to keep this in perspective. I hate "Passport" and have no intention of ever getting one if I can possibly avoid it, but this isn't a "major" bug as such.
posted by Steven Den Beste at 8:22 PM on November 3, 2001