Home › Forums › Archives › Site News & Announcements › Instant Messaging News › Windows Live Messenger News › Microsoft Works to Fix MSN Privacy Flaw
- This topic has 0 replies, 1 voice, and was last updated 22 years, 1 month ago by BigBlueBall News.
-
AuthorPosts
-
February 8, 2002 at 6:00 am #16133BigBlueBall NewsMember
CNET
February 8, 2002
Microsoft is putting the final touches on a patch to limit an MSN Messenger feature that allowed any Web site to grab a visitorŒs IM nickname and buddy list.
While representatives for the Microsoft Network have said no customers have fallen prey to the potential privacy problem, the group plans to release early next week an updated version of MSN Messenger that fixes the problem.
“In order to implement the fix, customers will have to upgrade to the next version of MSN messenger,” a representative for the software behemoth said on Friday.
The issue occurs because Microsoft designed MSN Messenger to allow JavaScript contained in Web pages to access a customerŒs buddy list and, for certain Microsoft sites, the e-mail addresses of the person.
Software engineer Richard Burton highlighted the privacy implications of the feature in a post to SecurityFocusŒ BugTraq mailing list recently.
“It appears to have been intended as a feature so they could put in nice customizations on their Web sites,” said the U.K.-based programmer on Friday. “I only raised it as a potential, so I donŒt think people need to panic.”
The ill-conceived feature comes at a poor time for the software giant. Last month, Chairman Bill Gates wrote a companywide memo spurring employees to make security and privacy their top priorities.
“So now, when we face a choice between adding features and resolving security issues, we need to choose security,” Gates wrote. Calling the initiative “Trustworthy Computing,” the founder of Microsoft kicked off extensive code reviews to catch potential problems in the companyŒs flagship software.
But the current problem is considered more of a privacy hiccup than a major problem, the Microsoft representative said.
-
AuthorPosts
- You must be logged in to reply to this topic.