| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 |
||||
 |
|
|||
 |
||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||
 COLUMN
Your Passport, please I REVEALED ON Sept. 10 that Windows 9x and Me store your user name and password as plain text in memory every time you dial an ISP and store the text for 10 minutes after you've disconnected. Many PCs are silently infected with Trojan horses that can easily read this information. People who use Microsoft's Passport authentication system, as all Hotmail customers are required to do, are likely to choose the same password for Passport and their dial-up account. With this password, a hacker can access any credit card numbers or other accounts that Passport has recorded.
In response to that column, reader Dan Ryan wrote, "You shouldn't lump together technical problems with design decisions you don't agree with. If users aren't vigilant about keeping passwords unique, that's hardly Microsoft's fault." Let me clarify: Using a single password to access your personal and financial accounts is central to Passport, which XP almost requires you to use. This is a design decision I don't agree with. The bundling of Passport with XP is certain to cause more e-commerce sites and Windows 9x and Me users to adopt the authentication scheme. Deciding not to issue a patch for all the Windows 9x and Me users is a technical decision I don't agree with. Brian Seitz, a spokesman at Microsoft's PR firm, Waggoner Edstrom, wrote, "It's certainly true that a Trojan horse program could compromise the user's security. However, this has nothing to do with Passport -- in fact, it's simply a restatement of the First Immutable Law of Security: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore." Seitz listed several steps Microsoft has taken to make it harder for a worm to run mobile code on a PC: the Outlook E-mail Security Update, part of the Outlook 2000 Service Pack 2 and Office XP; the inclusion in Windows XP of Internet Connection Firewall and Software Restriction Policies (which can be configured to prohibit mobile code); and Outlook Express 6.0, which includes security changes similar to Outlook 2000 SP2. Yes, XP and the latest versions of Outlook and Outlook Express do close some security holes. But Microsoft required all Hotmail users to switch to Passport, not just the ones who have the safer, upgraded programs -- and that exposes the passwords of Windows 9x and Me users to risk. Brian Livingston's latest book is Windows Me Secrets. Send tips to tips@brianlivingston.com. Go to www.iwsubscribe.com/newsletters to get Window Manager and E-Business Secrets free each week via e-mail.  RELATED SUBJECTS  Operating SystemsMORE > SPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
