MS Passport holes
Published by marco on
Wired reports that there’s a relatively gaping hole in the Microsoft’s Passport service. This service holds all of a user’s personal information and can also hold credit card and financial information. It’s being touted as a keyring for the Internet, kept secure by Microsoft. If you have a HotMail account, you have a PassPort (it may or may not have your credit card information, though). However:
<q>In a demonstration of the exploit earlier this week, Slemko sent Wired News a specially crafted but innocent-looking e-mail. Moments after the e-mail was viewed using Microsoft’s Hotmail Web-based e-mail service, Slemko rattled off, over the phone, the credit card number and contact information from the user’s Passport wallet.</q>
This has been a don’t entrust your information to the one company that has repeatedly demonstrated that it has no clue about security service announcement.