Neowin.net

Microsoft security service said to allow some account hijackings.

A newly disclosed vulnerability could let attackers reset passwords and hijack older Microsoft .Net Passport accounts, according to a message on an online mailing list discussing software vulnerabilities.

.Net Passport is Microsoft's online identity management service. It enables customers to use a single e-mail address and account password to sign on to a variety of affiliated services and Web sites. Microsoft's free Hotmail e-mail service and a number of partner sites support .Net Passport.

New Vulnerability

The vulnerability is in code used to help users who have forgotten their account password.

Microsoft has implemented a Secret Question feature to validate the identity of a user who needs to reset an account password. But according to the security list discussion, attackers can manipulate this feature on .Net Passport accounts that were set up before Microsoft implemented the Secret Question function. The flaw was described in a message posted by Victor Manuel Alvarez Castro, who identifies himself as a security consultant.

News source: PCWorld

DAVID AND GOLIATH

Vodafone operations already use bare-bones RealNetworks software to bring live TV and music clips to handsets.

The deal will also affect mobile phone purchases, since Vodafone will tell vendors it prefers handsets with RealOne.

"Real will be able to sell to many more operators and handset vendors on the back of this deal," said industry analyst Neil Mawston at Strategy Analytics.

He said Real was now also well ahead of rivals such as Israel's Emblaze and PacketVideo.

A tough challenge looms, however, from software titan Microsoft, which already took a big chunk of the market for software that feeds live media to personal computers -- after Real pioneered the product in the 1990s.

Microsoft includes its Media Player in the ubiquitous Windows software that runs 90 percent of all personal computers and about half of all handheld computers.

Cell phones, however, will be no pushover for the world's largest software company, with hardly any of the 450 million cell phones that will be sold this year running on Windows.

As for RealNetworks, Finland's Nokia is so far the only handset maker with the RealOne player pre-installed on some mobile phone models, although Siemens AG and Samsung Electronics will soon start selling high-end handsets with the software.

The software will also be available for downloading to some phones and comes pre-installed on a several handheld computers from Palm, Hewlett-Packard and NEC.

Windows Media Player and RealOne generally are not compatible and cannot decode and play content encoded in the other format.

The RealNetworks software in Vodafone's mobile networks, however, will allow streaming of other formats, including the open MPEG4 format, Apple Computer's QuickTime and Windows Media Player. This keeps Vodafone's options open to include Microsoft devices in its handset range.