Microsoft security service said to allow some account hijackings.
A newly disclosed vulnerability could let attackers reset passwords and hijack older Microsoft .Net Passport accounts, according to a message on an online mailing list discussing software vulnerabilities.
.Net Passport is Microsoft's online identity management service. It enables customers to use a single e-mail address and account password to sign on to a variety of affiliated services and Web sites. Microsoft's free Hotmail e-mail service and a number of partner sites support .Net Passport.
New Vulnerability
The vulnerability is in code used to help users who have forgotten their account password.
Microsoft has implemented a Secret Question feature to validate the identity of a user who needs to reset an account password. But according to the security list discussion, attackers can manipulate this feature on .Net Passport accounts that were set up before Microsoft implemented the Secret Question function. The flaw was described in a message posted by Victor Manuel Alvarez Castro, who identifies himself as a security consultant.
News source: PCWorld
DAVID AND GOLIATH
Vodafone operations already use bare-bones RealNetworks software to bring live TV and music clips to handsets.
The deal will also affect mobile phone purchases, since Vodafone will tell vendors it prefers handsets with RealOne.
"Real will be able to sell to many more operators and handset vendors on the back of this deal," said industry analyst Neil Mawston at Strategy Analytics.
He said Real was now also well ahead of rivals such as Israel's Emblaze and PacketVideo.
A tough challenge looms, however, from software titan Microsoft, which already took a big chunk of the market for software that feeds live media to personal computers -- after Real pioneered the product in the 1990s.
Microsoft includes its Media Player in the ubiquitous Windows software that runs 90 percent of all personal computers and about half of all handheld computers.
Cell phones, however, will be no pushover for the world's largest software company, with hardly any of the 450 million cell phones that will be sold this year running on Windows.
As for RealNetworks, Finland's Nokia is so far the only handset maker with the RealOne player pre-installed on some mobile phone models, although Siemens AG and Samsung Electronics will soon start selling high-end handsets with the software.
The software will also be available for downloading to some phones and comes pre-installed on several handheld computers from Palm, Hewlett-Packard and NEC.
Windows Media Player and RealOne generally are not compatible and cannot decode and play content encoded in the other format.
The RealNetworks software in Vodafone's mobile networks, however, will allow streaming of other formats, including the open MPEG4 format, Apple Computer's QuickTime and Windows Media Player. This keeps Vodafone's options open to include Microsoft devices in its handset range.

I wonder how much time he gave MS to attempt to fix this. Looking at the article, let me go change my zip code and stuff lol, not that I put my real info anyway.
They should have fixed it, though, definitely.
So... name one company that codes bug-free projects of this magnitude. Is that too hard for you?
Besides, from the sounds of it this is more akin to people not running a Windows Update / service pack / hotfix for their software than a fault of MS's.