Stealing MS Passport’s Wallet
Wired News:
Stealing MS Passport’s Wallet
12:25 p.m. Nov. 2, 2001 PST
To correct serious security flaws, Microsoft on Friday disabled the virtual wallet function of its Passport service and has begun notifying partners about the vulnerabilities, the company has confirmed.
The bugs in Passport, a sign-on service used by more than 200 million people, were discovered this week by Marc Slemko, a software developer who lives near Microsoft’s Redmond, Washington, headquarters.
Besides posting it at his site, Slemko intends to release the technical details on several security mailing lists Friday “so that, if they choose, users and partners can choose to reduce the impact on themselves,” he said. Because of the severity of the flaws, Slemko withheld publication until Microsoft had an opportunity to correct it.
