Privacy Group Asks for Passport Investigation
by Arie Slob
Hello Windows users,
This week the Electronic Privacy Information Center (EPIC) sent a letter to all 50 state attorneys general, asking them to protect consumers against what it called Microsoft's unfair and deceptive trade practices because the Federal Trade Commission (FTC) has failed to act.
The letter alleges that "These systems (Microsoft Corporation's Passport service and related "Wallet," "Kids Passport," "Hailstorm," and ".Net Services.") unfairly and deceptively gather personal information and expose consumers to the release, sale, and theft of their personal information."
The letter continues with: "The privacy and security risks include: online profiling made possible by the requirement that individuals sign on to Passport before viewing web content, an increase in the amount of unsolicited commercial e-mail from the sharing of e-mail addresses with Passport-affiliated sites, and stolen credit card data from numerous security holes in the Passport and Wallet systems. The vulnerability of Passport combined with its pervasion of the Internet creates serious risks to personal information sacrificed by consumers to gain access to services integrated with Microsoft authentication software under the belief that Microsoft is adequately protecting their data."
It is estimated that there are around 200 million Passport accounts (most of them Hotmail users).
Last November I reported on a security vulnerability discovered by a software developer which enabled him to steal Passport and credit card information. This let to the closure of Microsoft's Wallet service for a number of days, while the company was fixing the bug.
I recommended then and still recommend not to store personal and/or credit card information on-line, be it Microsoft (Passport) or some other service.
As a Windows XP user who also uses Messenger, I have a Passport account, but I set up a separate email at MSN just for that purpose, which I never use, and have stored no other info in my account.
Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Microsoft has posted a patch for Windows NT 4.0 and Windows 2000 that fixes a vulnerability in the way these operating systems verify trusted domains when used as domain controllers.
Affected Software Versions
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Rose City Software
"Since I switched to using Internet Explorer, I really missed my old Netscape Bookmarks folder. Then I discovered LinkStash. This is ten times better! Now I can organize all my bookmarks in one small file, synch it easily between my desktop and laptop and share it with friends. And all the options for comments, highlighting, and customizing my bookmarks makes this a must-have for surfing the net!"
- - James Wilson, Tampa, Florida
Recent Support BBS Postings
Way to turn NTFS back to FAT32 - Windows 2000
Two monitors in Device Mgr - Windows 98
Netscape 6/Mozilla Security Flaw - Netscape
Basic Security - Networking
These Hickydoos: >>>>> - Internet Explorer
Web Site Updates
These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.
Added: 3rd or 4th Generation Wireless Connectivity Still Promised
Added: Making Your Own VCD Movies
Added: New Security Vulnerability Revealed With Routers
New version 2.12 of TradeTrakker
New version 1.61 of TweakMASTER
New LinkStash 1.0 released
Added: Microsoft Security: Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data