The previous article can be found here:
http://discuss.big-o-software.com/viewtopic.php?t=3912
By Andrew Orlowski in Texas
Posted: 23/05/2003 at 06:33 GMT
The Gartner Group has advised customers to avoid Microsoft's Passport authentication system for at least six months.
Rumors of the advisory - one of the most damaging in Microsoft's history - had been circulating for the past fortnight. Gartner has stood firm in the face of intense pressure and the details appear to have emerged intact.
The advisory note follows the revelation of a trivial backdoor in Passport. Earlier this month, a security researcher discovered that he could access 200 million accounts at will by inserting the string "emailpwdreset" into a URL.
But perhaps Gartner was stung more by Microsoft's complacent reaction to the backdoor, than by the technical incompetence itself.
""You live and learn. We will obviously take a hard look to make sure that if something is sent through the nonstandard channels, and it is real, we are all over it," is how Microsoft's Adam Sohn reacted to the news.
Microsoft faces a potential $2 trillion fine from the United States' Federal Trade Commission for the breach.
Gartner warns that the loss of confidence in authentication systems will affect rivals, too - a fair conclusion, we reckon. Although the major retailers are pushing hard for authentication systems, the public remains rightfully skeptical of systems that harvest our personal data and offer little in return. ®