[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    Microsoft acknowledges software glitch that exposes e-mail
From:       mea culpa <jericho () DIMENSIONAL ! COM>
Date:       1999-08-20 5:59:39
[Download RAW message or body]

From: William Knowles <erehwon@kizmiaz.dis.org>


Microsoft acknowledges software glitch that exposes e-mail  passwords

WASHINGTON (August 19, 1999 10:00 p.m. EDT http://www.nandotimes.com)
Microsoft Corp. said Thursday a bug in its new Internet chat software that
permits coworkers and others to see a person's e-mail password.  It
promised to fix it by week's end.

The glitch in the company's new "MSN Messenger" software means that others
who have access to a person's computer could impersonate that person to
read and even send e-mail using his "Hotmail" account without anyone's
knowledge.

Microsoft said that even if customers delete their saved password and
enter it manually, it still becomes visible if another person types a
specific sequence of keystrokes on that computer.

Microsoft, whose software runs most of the world's personal computers,
promised to fix the problem by the end of Friday. The company said it was
made aware of the bug earlier this week.

Deanna Sanford, the product manager for MSN, said the bug's ill effects
were mitigated because a person must have physical access to the victim's
computer, meaning the problem will be worse in offices where coworkers
share machines than for home users.

"In a shared office environment, if you trust the people you work with,
this will probably never be an issue," Sanford said. But she said
Microsoft recommends protecting each computer with a password.

The problem was the latest embarrassment for Microsoft over its attempt to
capture part of the burgeoning market for Internet chat software,
currently dominated by America Online Inc.'s "Instant Messenger" software.

When Microsoft unveiled its chat software earlier this month, AOL
complained that Microsoft engineers had hacked into its proprietary
network to let MSN customers communicate with AOL's customers.

AOL successfully blocked Microsoft's software several times, but with each
attempt Microsoft redesigned its chat software to bypass AOL's blocking
attempts.

MSN Messenger customers currently can chat with people using AOL's
software, and Microsoft - in a bid for the moral high ground - announced
earlier this week it will release its software protocols so that other
companies can design software that interoperates with MSN.

The latest Microsoft bug occurs when customers use the software to check
their e-mail using Microsoft's popular Web-based "Hotmail"  service. If a
person stops the resulting Internet page from loading and looks at the
underlying software code - which requires merely three clicks with the
mouse - the user's e-mail name and password are displayed in plain view.

Sanford said Microsoft will scramble the information in the upcoming
patched version using encryption technology.

ISN is sponsored by Security-Focus.COM

[prev in list] [next in list] [prev in thread] [next in thread]