This is old news in Slashdot land, but there has apparently been a vulnerability in Passport for who knows how long that allowed anybody to reset and recieve a new password for anybody else’s hotmail/passport/.net account.
Hope none of you gave them your CC numbers.
Sorry Dooku, but this is really, really fucking stupid.
Damn straight. Especially since I earn a few bucks in my spare time fixing spontaneous brain farts in people’s Windows systems. Four hours last night because windows 2000 on one client decided it didn’t want to use its domain server stored user profile for one user any more. Fun was had by all. Sheesh.
Flaming Microsoft for stupid software problems is a lot like flaming George W. Bush for not pronouncing “nuclear” correct, ainnit? A bit too easy, don’cha know…
Yep. It’s stupid alright. We do a bunch of stupid things.
However, it doesn’t really have anything to do with me. I appreciate the thought, but I’d prefer to not be the “MS-Guy” around here. I come here to fight ignorance and have a good time, not to be the corporate spokeperson. I only visit threads like this when I’m named, or if I feel I can positively contribute.
Mind you - If I worked for MS (which would actually be cool) I wouldn’t take the mass contempt personally either. The place I do work at does some cum-feltchingly goat-guzzlingly stupid things, things that make me laugh.
So you must have been pretty confused when the OP mentioned me specifically, eh?
Done.
I don’t take the mass contempt personally. I take misinformed opinions about the way I do my job personally, however. I would expect no less from any Doper.
There’s a follow-up here, saying MS has fixed the flaw.
My favorite part (bolding mine):
'Cause everyone wants a security flaw.
And if I’m reading it correctly, I find it distressing that MS could let a security flaw of this magnitude remain unpublicized and unadressed for eight months. I mean, gosh, I appreciate the investigation and all, but maybe ya think ya coulda investigated a little faster?
As of latest reports on www.heise.de, Microsoft still has some spot that aren’t fixed. They reference a site with reports from people who report in after trying the exploits in their area.