Passport Problems Could Cost Microsoft
Eugenia Loli 2003-05-09 Privacy, Security

Microsoft faces a possible investigation and significant fines for a security lapse that could have exposed the personal information of millions of consumers.

30 Comments

2003-05-09 2:20 am
This is just one step closer to holding corporations liable for shoddy software engineering and implementation. The problem will be when people get used to suing companies for bad software (there has yet to be precedent set over it, but Korea and the FTC are starting a trend, it appears) and then expect the same commitment from individuals. Thankfully there is the GPL to keep Free Software developers safe… but I don’t think it’ll apply to RedHat. What happens when RedHat is held liable for a software glitch in KMail that deletes someone’s email with job offers or whatever? This doesn’t sound good, even though I am relishing the FTC kicking Microsoft’s ass 😉

2003-05-09 2:23 am
I have always been skeptical of the security of the Passport system or any for that matter. This flaw just confirms my belief that one should be very cautious when making transactions online where personal information is involved.

2003-05-09 2:23 am
Just saw this on Reuters, too. Microsoft still doesn’t seem to get the security issue… it’s one thing to be hacked, another to leave the door wide open, as in this vulnerability. It’s particularly painful as I’ve been one of the biggest proponents of XP and Win2k’s virtues here.
I’m not a Passport user for many reasons, one in particular being that I had a feeling it was only a matter of time before something like this happened… that, and I just don’t shop much online, also because of concerns that something like this could happen (it’s not solely Microsoft’s problem). Oh well. One step forward, two steps back.

2003-05-09 3:05 am
Time for Bill to pull out the ol’ checkbook and pay off some more members of the Bush administration to make it all go away. (hurry up and buy some more of that new crap from Redmond folks)

2003-05-09 3:31 am
Who is going to investigate MS/slap the $11000.00 fine? John Ashcroft or George Bush?? Pleaseeeeeeeeeee!

2003-05-09 3:43 am
This is what is bad about Passport and .NET. One big login that does everything for you. Automatic. It shifts the control into the hands of one big company, who controls everything you have access to. Also, if one service has a flaw in it and your password is compromised, then ALL of your services and information gets compromised. Lame.

2003-05-09 4:17 am
Trustworthy computing? In the words of dear Bill: http://www.wired.com/news/business/0,1367,49826,00.html

2003-05-09 4:58 am
I’m not sure companies should be sued for security breaches and such because you would have people going sue happy, even when it’s not called for. This kind of endless litigation is not good for the companies or the end users. However, I do think that these companies should be held somehow accountable for these kind of things, without greedy individuals trying to sue them for $$ every time they turn around. If a company is going to gather and store people’s personal & financial info, IMHO, they have a responsibility (both legal and ethical) to make sure that information is secure. And personally, I think companies who store credit card numbers on servers that are online without encrypting said info, they should never be allowed to engage in ecommerce again.

2003-05-09 5:26 am
“This is what is bad about Passport and .NET. One big login that does everything for you. Automatic. It shifts the control into the hands of one big company, who controls everything you have access to. Also, if one service has a flaw in it and your password is compromised, then ALL of your services and information gets compromised. Lame.”
The price one pays for anything convenient. Now if authentication/authorization were more client-side. One could use the chip in their hand with a reader to make the process easier.

2003-05-09 6:46 am
“One could use the chip in their hand with a reader to make the process easier.”
It’s not far off…

2003-05-09 10:04 am
“One could use the chip in their hand with a reader to make the process easier.”
I would prefer a retina scan… Mhhh… how I loved “Minority Report”…

2003-05-09 11:32 am
Next we turn to our technology news correspondent, Anne Droid… “From the same company that brought you spying Windows Media Player (and only admitting to it once it was caught) comes another in a long line of security breaches, not the least of which was recent IE crashing bug…”

2003-05-09 11:42 am
“From the same company that brought you spying Windows Media Player”
Wasn’t that Real Player?

2003-05-09 11:46 am
“Wasn’t that Real Player?”
Real did it/does it too.

2003-05-09 12:44 pm
The .net integration for the WinXP is a bad idea. As for me I use .Net only to check my Hotmail account. But I don’t use MSN messenger. It sucks because it is integrated into my OS with the .net passport, which is not good w.r.t. security. Always try to delete the .net passport integration from user properties. Try using .netpassport for authentication from your browser as far as possible.

2003-05-09 1:34 pm
Why don’t you get rid of crappy hotmail and use something better? I can understand you using MSN messenger for a bit longer to be in touch with people who use it. And, MSN messenger (and your XP .net Passport) does not even need a hotmail address to work.
What’s wrong with this plan?

2003-05-09 3:29 pm
How long before Bush calls that judge who should have investigated the anti-competitive attitude of MS?

2003-05-09 3:38 pm
I mean, this is why I never, nor will I ever, create a Passport account! It was only a matter of time, and, I doubt this will be the last time! Screw convenience, I want security! Really, how hard is it to type in a 16 digit number every once in a while?

2003-05-09 3:56 pm
Open up a Discover card account. They have a free service that you can use that will generate a temporary Credit Card number that is linked to your actual card. That number can only be used once. If you use it online and someone captures it then it’s useless… Just a thought. I agree the only thing I use passport for is to just log into a few things… I keep no info on it and the info that is required in order to open a passport ID is all false just in case it is compromised.

2003-05-09 4:32 pm
Trustworthy computing, anyone?

2003-05-09 4:54 pm
“Really, how hard is it to type in a 16 digit number every once in a while?”
Agreed, of course though, there are those people who want to make a purchase and they don’t have their card handy, maybe their wallet or purse is in the bedroom or even in their car. I take orders for a company and had people call and they give me a credit card number and when asked for the expiry they’re like “I don’t remember, I was giving you the card number by memory/from a statement. Please wait while I go to the car and get my purse.” I kid you not, they leave their purse in the car. And that person was grilling me about the security of their transaction over the phone and they’re leaving it where anybody could swipe it.

2003-05-09 5:13 pm
I’ve tried cancelling my Passport account and since I can’t remember my password and I didn’t transfer my address over when my provider switched from @home it seems impossible to do.
I haven’t used the account for a long time and I don’t want it to be in their computer systems anymore. I’ve tried reaching the “Customer Service” via e-mail and they’re of no help – in fact my inquiry was originally to the legal department and was forwarded (you’d think in this case they would get it right). There’s no number I can call. I was promised a response to an inquiry within 4 hours through a form on the website and many hours later: nothing.
basfe25 > Discover seems to have gotten something right with CC transactions on the Net. Visa and Mastercard should follow suit.

2003-05-09 5:37 pm
“I mean, this is why I never, nor will I ever, create a Passport account! It was only a matter of time, and, I doubt this will be the last time! Screw convenience, I want security! Really, how hard is it to type in a 16 digit number every once in a while?”
If that’s the ONLY number you’ll ever have to deal with, great? However most people in this day and age are drowning in numbers and passwords. Hope your memory’s sharp, because forgetting one can be inconvenient (says the guy who forgot his PIN for a month).

2003-05-09 5:39 pm
Where they “donate” software? Or maybe this time it will be one of its paid services. “Yes, Your Honor, the first month will be free.” And after that? More business for us. So everybody wins. Yes, your Honor. Hey, Trust Microsoft to “innovate” by bringing the win-win concept to stale ideas like penalty and deterrent.

2003-05-09 6:03 pm
Makes you wonder how truly secure Windows 2003 REALLY is. Will it keep information or send it to Microsoft?

2003-05-09 7:41 pm
Lawsuits make me laugh. Unless they’re against me of course. What is so funny is all you capitalists. You don’t realize that MONEY and these lawsuits and software patents and IP and crap just slows you down. You’d have Longhorn by now if Microsoft was working on making their software instead of making money.
You’d have a secure passport if they designed a secure authentication system to begin with instead of designing an easy authentication system to make money. I hope for more lawsuits and more laws. This will mean more criminals and more punishment which in turn will mean less productivity and less return on investment. At this rate maybe we can start another depression. Who’s with me? Eh, comrades?

2003-05-09 11:01 pm
“I hope for more lawsuits and more laws. This will mean more criminals and more punishment which in turn will mean less productivity and less return on investment. At this rate maybe we can start another depression. Who’s with me? Eh, comrades?”
Comrades indeed. Now, how’s Russia’s economy again?

2003-05-09 11:19 pm
To many people that argue about users with a large number of passwords. Well, I have and, no, I don’t trust in anyone else to take care of them. My solution when memory fails is to consult one piece of paper cyphered that I carry in my wallet (I have two extra that I leave in my house). Sorry, no electronic devices for that.

2003-05-10 1:30 am
Do you remember when passport first reared its ugly head? There were posts all over the web warning to not trust your personal info to Microsoft (which people still do every day by running their OS). I guess all the Linux geeks are just laughing it up screaming I told you so.

2003-05-10 6:01 am
No, not laughing, more smoking cigars and counting money since this caused another influx of new clients..