 |
| | | May 11, 2003
|
|
|
 |
Sunday, May 11, 2003 |
|
A Passport glitch
As the sun was going down on the West Coast of the United States on Wednesday, Redmond, Washington-based Microsoft struggled to handle both the scope and the ensuing embarrassment of a publicly announced critical security vulnerability in its Passport authentication service.
A Pakistani student posted on a security mailing list details about an easy to exploit flaw in the service's password reset function that allows users who have forgotten their passwords to set new ones for their accounts. When resetting passwords, Passport subscribers may opt to receive authentication details at an alternative e-mail associated with their account. But according to Muhammad Faisal Rauf Danka, the person who broke the news, Passport generated an URL, which allowed this address to be changed. Mr. Danka added that he had discovered the hole after his personal and his friend's accounts had been compromised using the technique.
Microsoft deplored the public revelation, but the student reportedly said he had sent multiple e-mails to the company and all of them had been left unanswered. Within hours of the first reports, the software giant had disabled the password reset feature and overnight, Microsoft security teams had the flaw fixed.
The vulnerability, however, could be costly to the software maker. In August 2002, Microsoft signed an agreement with the U.S. Federal Trade Commission (FTC) to boost Passport's security features, which allowed the FTC to impose $11,000 fines on the company for each violation. Although the number of compromised accounts is still undetermined, given the 200 million subscribers of Microsoft's Passport, the giant may face gargantuan penalties.
More from: CNET News.com 1 2 3 | CRM Daily | Microsoft | PC World | The Register | Reuters | VNUNET.com
Security Watch
 Passport's flaws weren't the only security-related woe for Microsoft this week. Some users of the company's Windows Media Player were advised to update their programs after a security hole was discovered in product versions 7.1 and 8.0 for Windows XP. According to released security bulletins, inappropriate handling of skin downloads can allow hackers to place potentially malicious executable files on vulnerable systems, penetrate security and cause significant damages.
More from: CNET News.com | IDG.net | Microsoft
Meanwhile, one of the most popular instant messaging applications, ICQ, was found critically vulnerable to attacks. In an advisory, Boston-based Core Security Technologies announced it had discovered six holes in the popular chat program. Even though four of the unveiled flaws could be considered minor, two of the issues may lead to execution of code of a hacker's choice and even freeze a user's computer by directly meddling with the system's CPU. ICQ, which is owned by America Online, has not released patches for the issues yet. Core Security Technologies noted it had attempted to contact the company's security teams on multiple occasions, but no response had been received before the advisory's public release.
More from: CNET News.com | Core Security Technologies | TechWeb | VNUNET.com
 |
Apple's iTunes Music Store has turned into a stunning success. |
Fighting piracy proving successful?
Only a week after Apple opened its online music shop, the computer maker reported one million songs downloaded through the service. The overwhelming publicity and the rave reviews surrounding the official launch, matched with the generally positive results, indicate a growing interest in legal and easy to use music buying services on the Internet. Apple allows its users to download high-quality music for 99 cents per single and $9.99 per album -- now, a proven business model, in stark contrast with other similar services, working with monthly subscription fees and extraordinarily tight distribution restrictions.
The company's success has been seen as good news for organizations on the forefront of online piracy. Combining the educational, legislative and judicial efforts of industry groups like the Recording Industry Association of America (RIAA) with Internet music stores with enhanced capabilities may eventually turn into a winning strategy.
According to a newly released study by Nielsen//NetRatings, music-swappers are prone to buying songs online. Of the more than 36,000 Internet users surveyed, rap is the No. 1 genre preferred by file-traders, who would rather download songs from an Internet store than go to a physical music shop.
Albeit there might be purchasing potential among file-sharing users, law enforcement authorities are unrelenting in their fight with copyright infringement. In an overnight raid, police officials seized PCs and other equipment from a dormitory at Ohio State University in the United States. Investigators claimed a major file-swapping server had been run by the students, using the university's high-speed Internet connection. Although no arrests were made, charges and hefty penalties may be pending.
More from: Audio Revolution | CNET News.com | Reuters | PC World | The Lantern | The Register
Thursday named 'Spamday'
Unlike music, movie and software piracy, which according to multiple studies is slowly decreasing, Internet Service Providers (ISPs) are continuing to tackle the growing issue of spam.
Earlier in the week, Microsoft's MSN division unveiled a new enhanced set of tools to combat unsolicited commercial e-mail delivered to the inboxes of the company's MSN 8 and Hotmail users. Subscribers now have the option to disable images within messages, often used by spammers to track and confirm active e-mail accounts. At the same time, MSN reported its anti-spam filters now block 2.4 billion messages each day.
The piles of unwanted mail triggered another ISP, EarthLink, to sue a notorious e-mailer, dubbed "The Buffalo Spammer," a few months ago, and now the company seems satisfied with a U.S. District Court ruling, forcing Howard Carmack, the spammer's real name, to pay $16.4 million in damages. EarthLink claimed Mr. Carmack, a Buffalo, NY resident, illicitly sent 825 million messages, starting in March 2002. Carmack did not appear during the court session.
At the same time, British Internet access provider BT OpenWorld named Thursday the busiest spam day of the week. The company also found 41 percent of the e-mails reaching its servers could be categorized as unsolicited commercial mail. To confirm the trend, Brightmail, a top spam-filtering solutions provider, said unwanted e-mails were 4.5 percent more in April than in March this year.
More from: CNET News.com 1 2 | InternetNews.com | The Register | TechWeb | VNUNET.com 1 2
In Other News...
In a filing with the U.S. Securities and Exchange Commission, the world's No. 1 computer maker, Dell Computer Corporation, disclosed a plan to rename the company to "Dell Inc." The document, in part, read: "While Dell began as a supplier of personal computers, our capabilities now reach deeply into the enterprise and we are a leading seller of servers, storage systems and other technology products and services." Before being implemented, the new name needs to win shareholder approval.
George Morrow, one of the pioneers of the computer industry, died at the age of 69 on Wednesday. A prominent mathematician and a computer programmer, Mr. Morrow was involved in the creation of some of the first hardware and software designs and was a participant in Berkeley's Homebrew Computer Club, a group whose members later founded some of the leading companies in the industry's history.
AOL Time Warner's Vice Chairman and founder of CNN, Ted Turner, sold more than half of his shares at the media conglomerate on Monday. Of the 60 million shares traded (worth over $800 million), more than $130 million were donated to a charitable trust. Mr. Turner is widely expected to retire from AOL Time Warner in the short term, but a statement issued by the company says for the time being he will continue to serve on the board and "remains supportive of management."
Internet's most popular search engine, Google, is reportedly working on a new search tool, specifically designed for web logs (a.k.a. blogs). The move comes after the California-based search company acquired Pyra Labs, the largest blogger services provider, earlier this year. The new content-oriented search is expected to be featured on Google.com's tab bar.
Microsoft officially announced the next Windows operating system, currently codenamed 'Longhorn', won't be commercially available until 2005. The original target date was set for sometime at the end of 2004.
|
|
|
|
|
|
| |
