Security flaw in Microsoft Passport
2003-05-12 06:53 am
http://netscape.com.com/2100-1105_2-1000655.html?type=pt
http://www.theregister.co.uk/content/6/30620.html
They provided a single form that allows you to "reset the password" for any account, and also specify the email address to mail the notification to! This is roughly equivalent to locking your front door and hanging the key on a hook next to the doorbell.
The really amusing part is that, if each of the 200e6 compromised accounts counts as a violation of an agreement they made last year with the FTC, the fine of $11K per violation would amount to $2.2 trillion.
Think they'll have to pay up?
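The pattern behind the reset form described above, as an added example that is not Microsoft's code or part of the original post: a reset handler that mails the token to an address taken from the request, next to one that only ever mails the address on file. The account store, function names, token lifetime and `send` callback are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data: account id -> address registered at sign-up.
ACCOUNTS = {"alice": "alice@example.com"}
PENDING = {}          # sha256(token) -> (account, expiry timestamp)
TOKEN_TTL = 15 * 60   # seconds a reset token stays valid (assumed value)


def _issue_token(account):
    """Create a one-time token and store only its hash server-side."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[digest] = (account, time.time() + TOKEN_TTL)
    return token


def reset_flawed(account, notify_email, send):
    """The flaw described above: the request chooses where the token goes."""
    if account in ACCOUNTS:
        send(notify_email, _issue_token(account))


def reset_hardened(account, notify_email, send):
    """Ignore the submitted address; mail only the address on file."""
    on_file = ACCOUNTS.get(account)
    if on_file is not None:
        send(on_file, _issue_token(account))
    # Same (empty) result whether or not the account exists.


def redeem(token):
    """Return the account a token resets, or None if unknown or expired."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    account, expiry = PENDING.pop(digest, (None, 0))
    return account if time.time() <= expiry else None


if __name__ == "__main__":
    outbox = []
    deliver = lambda to, token: outbox.append((to, token))
    reset_flawed("alice", "someone-else@example.net", deliver)
    reset_hardened("alice", "someone-else@example.net", deliver)
    print([to for to, _ in outbox])
```

In the hardened handler, possession of the registered mailbox is what proves ownership; the submitted address is never used as a delivery target.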