Major .NET Bug Reported

Posted by: Anonymous

Major .NET Bug Reported - 11/03/01 11:48 PM

Today's MacInTouch has link to:<br><br>,1282,48105,00.html<br><br>The Wired article reports on a major flaw in the .NET system , no longer available because Microsoft has withdrawn the capability for time being, wherein ALL USERS of Passport "feature" who provide any of their personal data, including credit card numbers etc., for convenience in shopping etc. etc. are/were subject to relatively easy access by the person who developed the exploit.<br><br>Person who developed the exploit did so in thirty minutes. Microsoft claims there was no real danger because figuring out the exploit would be "too complicated," (Duh...this guy did it in 30 minutes) but also withdrew the Passport service temporarily.<br><br>The exploit was discovered by one of the key people of Apache who obviously has an axe to grind, but who reported it first to Microsoft before making it public.<br><br>I share that view. It's shared by many who consider the security of Mac OS X server, Apache, anyone running a competent server platform based on Linux, Free BSD, or whatever.<br><br>1. Why would anyone, possibly a Mac user who signs up for Passport when verifying registration (or whatever), which MAY BE OPTIONAL, when Office X ships? Notice the "may" qualification.<br><br>Is there some GOOD reason for putting all of your personal data from credit card numbers to social security number to all of your MONEY or Quicken data in the hands of ANY one online source?<br><br>One source. One hack. You're dead.<br><br>2. And if you elect to pick one source, why in the world would you choose Microsoft in view of all of their recent history of everything from security problems to the assorted worms that have endangered the very viability of the Internet?<br><br>Do you trust Bill Gates with all of your personal financial information?<br><br>Or suppose that some prankster hacks your info, but is not malicious, but something of a jokester, and takes advance, say, of the easy access to your eBay account that's one of the many "features" of Passport/.NET? Hmmm....wouldn't it be funny, the hacker might think, for "you" to place a $300,000 bid on some unusually expensive item?<br><br>Use your imagination.<br><br>If you think I have a personal axe to grind you're absolutely correct. One of my personal use computers is a Peecee and it's running (a figure of speech) Microsoft Windows XP Professional version. But I didn't take the "opportunity" (which I'm constantly being reminded about by messages that pop up now and then) during the required online registration to sign up for ANY aspect of .NET, let alone Passport.<br><br>I may be an old fool, but I'm not that big of a fool.<br><br>Bill Gates already owns the souls of 95% of the personal computer users of the world in terms of OS.<br><br>But why should he expand that control over the personal financial lives of those unfortunate people?<br><br>Fortunately, only a few, about TWO MILLION, people have signed up for Passport thus far.<br><br>
Posted by: watcher

Re: Major .NET Bug Reported - 11/04/01 10:10 AM

that's probably why I gave no info whatsoever to MSN and still took a passport.<br>which belongs to a nobody, who has nothing and cannot be, e-traced.<br><br>