Forwarded from: Robert G. Ferrell <rferrellat_private>

> Security researchers have discovered a vulnerability in Microsoft
> Corp.'s Hotmail service that allows hackers to bypass security
> questions that users must answer before resetting their passwords.

Sorry, but if you're relying on Microsoft to provide security, you pretty much deserve what you get. Hotmail, especially, has been the subject of a long string of embarrassing and extremely glaring security glitches. But it's really only the tip of the iceberg.

Jericho and I had a discussion about Microsoft's security posture over a few beers the other day, and I'm fully in agreement with his stance, which is basically that the new emphasis on secure programming is a smokescreen designed to reassure the gullible without really effecting any change in their corporate culture. They'll crowd their coders into some classrooms for a month, milk the experience for all the publicity they can, and then go back to spitting out the same feature-soaked, security-poor software they always have. But now they can slap little colored labels on it that say "security-enhanced" or some other misleading and completely bogus claims.

Bill Gates is a billionaire. The reason he's a billionaire is that people buy anything and everything that Microsoft cranks out, without questioning it, in the same consumer herd mentality that's produced so many tycoons in the past. He's obviously seriously successful; why on earth would he want to change a formula that's worked so well up to now? A few of us in the security community pissing and moaning about his crappy software won't make a scrap of difference unless John Q. Public stops buying it. We can complain until we get blue in the face and pass out, for all he cares.

Caveat emptor isn't just an aphorism these days, it's a matter of survival.

Cheers,

RGF

Robert G. Ferrell
rferrellat_private
http://rferrell.home.texas.net/rgflit.html

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 05:54:19 PST