WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Passport Flaw Exposes User Info
Microsoft is working to fix hole that could reveal credit card info.
Scarlet Pruitt, IDG News Service
Microsoft has scrambled to shut down a flaw in its Passport service that could potentially reveal users' critical personal information, a company spokesperson confirmed Thursday.
The flaw, which was reported to the company late Wednesday, was located in the service's password recovery system and would allow attackers to change an account password if they knew the user name.
Adam Sohn, a product manager with the Passport team, said Thursday that the flaw has been shut down and that the company is working to quickly fix the matter.
Serious Situation
While Sohn said a preliminary investigation suggested that the vulnerability was not seriously exploited, it could potentially pose a large security threat to Passport users who store critical personal information such as credit card information with the service to access various online sites and services without having to retype information.
The vulnerability was in the function that allowed users to request a forgotten Passport password via e-mail. By tricking the system into initiating an e-mail password reset process, a malicious attacker could then request that the password be sent to a different e-mail address, Sohn said.
Microsoft has turned off this feature while it fixes the problem, and users requesting a forgotten password were instructed to use other means, such as going through the customer service support page.
Sohn said that the problem should be fixed "within hours" and that the company is actively investigating the matter.
- Sponsored Resource:Improve your network with the right mix of features, performance and pricing.
- Sponsored Resource:Growing your business requires the right tools. Dell's networking servers can help.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Twitter: A how-to guide for using Twitter as a business tool.
- Sponsored Resource:Smartphone security threats are on the rise. Is it time to safegaurd your device?
Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.
The Best of PC World
Featured APC Accessories For Your System
10% Off Entire Cart at Online Store
-
APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
-
APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.
People who read this also read:
Best Prices on Antivirus Software
Norton AntiVirus 2009 (Full Product)Price: $14.84
VirusScan Plus 2009 - 3-User (Full Product)Price: $4.00
Anti-Virus 2009 (Full Product)Price: $17.85
VirusScan Plus 2009 (Full Product)Price: $4.00
McAfee VirusScan Plus 2008 (Full Product)Price: $3.23
Mcafee McAfee 2009 VirusScan Plus- 1 User Download Version (VSF09E001RKA)Price: $12.27
-
Cisco Small Business Center Find out how to keep employees mobile, connected and productive with secure wireless networking.
-
Dell Servers for Small Business Click here to see how a Dell server can help you back up your company's data and save you valuable time.
