Microsoft owns and is in control of "hotmail.com" and "msn.com". http://BriansBuzz.com/w/030522/ "Weaknesses in Microsoft's "single sign-in" Passport technology forced the Redmond company early this month to temporarily shut down the ability of Passport users to change their passwords. One of the newly-discovered flaws permitted anyone to change an existing Passport account's password at will. This gave the intruder the use of any credit-card numbers that had been entered by the original user. The password change could be accomplished by simply visiting Microsoft's Passport site, Register.Passport.com, and including a user's e-mail address - such as example@hotmail.com - as a parameter in the address bar of the visitor's browser. In response, the Passport site then sent a "change password" link by e-mail to any e-mail address that had been included as a second parameter. The incredibly simple exploit came to light when security researchers in Pakistan announced it on May 7. The following day, Microsoft disabled the password-change procedure, which had been added to Passport in September 2002. The company then released a bulletin on May 9 saying the problem had been corrected. ... Numerous experts have found other serious weaknesses. For example, researchers at AT&T Labs warned in a 2000 publication that Passport's redirection of browsers to Microsoft's servers was not protected by SSL (Secure Sockets Layer), again leaving passwords open to inquisitive ISP employees." -- Duaine Hechler Piano, Player Piano, Organ, Pump Organ Tuning, Servicing & Rebuilding Associate Member of the Piano Technicians Guild Reed Organ Society Member Florissant, MO (314) 838-5587 dahechler@charter.net
This PTG archive page provided courtesy of Moy Piano Service, LLC