Weblog on the Internet and public policy, journalism, virtual community, and more from David Brake, a Canadian academic, consultant and journalist

Archive for May 10th, 2003

10 May 2003
Filed under: Privacy, Security and encryption at 5:43 pm

It seems there has been a flaw in Microsoft’s Passport that let hackers access anyone’s Passport account and (for example) access their Hotmail account or grab their credit card details.

Given the importance of this software, the part of the report that surprises and alarms me most is that despite Microsoft’s announcement at the beginning of last year that it would focus on improving the security and stability of its software:

“Reportedly Mr Danka [the guy who found the bug] sent 10 messages to Microsoft detailing the vulnerability but got no response.

Microsoft only reacted when information about the flaw was posted online.”

Instead of having you give all your valuable information to Microsoft for convenience’s sake, to help you avoid putting your credit card details, name, address, etc. into every site, the Liberty Alliance (including Sun, AOL, and HP) wants to “allow users to link identity information between accounts without centrally storing personal information” using open standards (emphasis mine). Surely a better approach, whatever you think of Microsoft!