They can’t tell method=“get” from method=“post”.
This is old news in Slashdot land, but there has apparently been a vulnerability in Passport for who knows how long that allowed anybody to reset and recieve a new password for anybody else’s hotmail/passport/.net account.
Hope none of you gave them your CC numbers.
Sorry Dooku, but this is really, really fucking stupid.
Trusted computing my ass.
Wow… that’s a pretty basic thing to screw up. Good thing nobody uses Hotmail for anything serious, right?
…Right?
Damn straight. Especially since I earn a few bucks in my spare time fixing spontaneous brain farts in people’s Windows systems. Four hours last night because windows 2000 on one client decided it didn’t want to use its domain server stored user profile for one user any more. Fun was had by all. Sheesh.
Flaming Microsoft for stupid software problems is a lot like flaming George W. Bush for not pronouncing “nuclear” correct, ainnit? A bit too easy, don’cha know…
Yep. It’s stupid alright. We do a bunch of stupid things.
However, it doesn’t really have anything to do with me. I appreciate the thought, but I’d prefer to not be the “MS-Guy” around here. I come here to fight ignorance and have a good time, not to be the corporate spokeperson. I only visit threads like this when I’m named, or if I feel I can positively contribute.
I didn’t know you were the ‘MS-Guy’ until you stated that you prefer not to be known as such.
Fix my word please.
Mind you - If I worked for MS (which would actually be cool) I wouldn’t take the mass contempt personally either. The place I do work at does some cum-feltchingly goat-guzzlingly stupid things, things that make me laugh.
So you must have been pretty confused when the OP mentioned me specifically, eh? 
Done. 
I don’t take the mass contempt personally. I take misinformed opinions about the way I do my job personally, however. I would expect no less from any Doper.
There’s a follow-up here, saying MS has fixed the flaw.
My favorite part (bolding mine):
'Cause everyone wants a security flaw.
And if I’m reading it correctly, I find it distressing that MS could let a security flaw of this magnitude remain unpublicized and unadressed for eight months. I mean, gosh, I appreciate the investigation and all, but maybe ya think ya coulda investigated a little faster?
Reason #45657859818875: That damn “o” key that doesn’t work
Actually, that’s reason #1 SuSE sucks, 'cuz I (happily) don’t run Windows…
As of latest reports on www.heise.de, Microsoft still has some spot that aren’t fixed. They reference a site with reports from people who report in after trying the exploits in their area.
Part of the reason M$ gets flamed so often/disproportionately is that they’re the dominant and most widespread player.
And they suck 
(my religion made me type that, GodJobs would strike me down if I failed to include it…)
Hey, it’s the truth, ainnit?
And GodJobs wouldn’t strike you down, he’d simply cuss you out for being an idiot and then throw something at you.