An open-source programmer spent about a half-hour combining a couple of known web site vulnerabilities into a mechanism that lets someone exploit the Microsoft Passport scheme and steal (or take advantage of) credit card information.
Microsoft’s response?
Well, they admitted the security analysis was “valid.”
They removed the vulnerability. This vulnerability, at least. Beyond that?
“Ultimately, the big takeaway from this is that there is no evidence that anyone has ever taken advantage of this,” said Adam Sohn, product manager for Microsoft’s .Net platform strategy group.
[…] He added that the attack would not have been successful if the potential victim had been using Windows XP, Microsoft’s new operating system.
So don’t worry, kids. Nobody seems to have figured this out before someone pointed it out to Microsoft (so much for the inherently stultifying effects of open source), and even if they had, everyone would be safe if they upgraded to the newest Micro$oft product.
I feel so much better ….