Hotmail still leaks up to 56 of the Internet's most virulent viruses, despite Microsoft's claim that it had patched security at the trouble-prone e-mail service, according to anti-virus experts.
In response to an advisory posted by PCHelp, a Washington state Internet technology consultancy, Microsoft said it redirects its various Web properties' visitors to a single server that assigns them a unique identifier. That identifier, an "MSID," lets Microsoft chart a single person's visits and activities over the company's Web sites, which include MSN.com and dozens of affiliated sites like Hotmail, CarPoint, Expedia, bCentral and LinkExchange.
Microsoft on Wednesday revised the "terms of use" policy for its Passport service after criticism that the agreement gave the software behemoth Draconian control of customer communications...The new, much stricter agreement clarifies that Microsoft's right to use customer communications is only in the case of an exchange with the company.
Here's a challenge to Microsoft. Guarantee the sanctity of this data in a way that persuades me. How about agreeing, in writing, to a fine of a year's revenue if the company breaks this promise?
In a briefing for developers and Web site operators, Chairman Bill Gates outlined a far-reaching plan that he hopes will put Microsoft software at the heart of each consumers' "personal network" of Internet-enabled appliances. More important, Gates says he thinks people will pay for the ability to access their data any time, anywhere.
HailStorm was formally announced last week, and the Redmond software giant's plans already have shaken the industry. Microsoft has pledged it won't rent, sell or share personal data, but privacy advocates shudder at the mere thought of Microsoft as the keeper of so much information. "I don't want Redmond to become the de facto government of the United States, issuing passports and controlling identity and wallets for all consumers," said Jason Catlett, president of privacy watchdog group JunkBusters.
Microsoft's argument for full raw sockets' inclusion was that since there were other - admittedly more difficult - ways for malicious hackers to achieve the same thing, there was no point in making things harder for them.While we were arguing this, one of the Windows XP technical guys said that "removing full raw sockets would only be a public relations win" since malicious hackers could easily enough achieve the same thing by modifying the operating system through the installation of readily available third-party device drivers. When I countered that Windows XP was hardened against the installation of "unsigned" drivers, the developer discounted that by saying that anyone could get a "certificate" with which to sign a malicious driver. Microsoft's top operating system developers continually miss the point that there's a world of difference between what could be done and what actually is done.
The Electronic Privacy Information Center, a Washington, D.C.-based public-interest organization, and privacy group Junkbusters, as well as at least five other groups will ask the FTC to prevent the launch of Windows XP based on potential privacy threats arising from the operating system and Passport software, according to Marc Rotenberg, executive director for EPIC.
"We believe that Microsoft made a number of misrepresentations, dealing with, one, the overall security of the Passport system and personal information stored on it; two, the security of online purchases made with Passport Wallet; three, the kinds of personal information Microsoft collects of users of the Passport service; and four, how much control parents have over the information collected by Web sites participating in the Kids Passport program," Muris said during the conference call.The FTC outlined its findings in a six-page complaint . Many of the problems resulted from Microsoft failing to adhere to its own privacy statements about Passport, Passport Wallet or Kids Passport.
As part of the settlement agreement, Microsoft has changed its privacy statements to accurately reflect what information is collected and how it is used, Brad Smith, Microsoft's general counsel, said in a separate conference call.
In an eight-page settlement released Thursday, Microsoft also agreed not to engage in unfair or deceptive practices and to protect the security and privacy of personal information.
