3 September 1999

Microsoft’s not so hot Hotmail

Belinda Beresford and David le Page

The furore over the collapse of even rudimentary privacy on Microsoft’s Hotmail e-mail service raises concerns that the software giant is more interested in gathering information than in protecting it.

Microsoft doesn’t have a worse reputation for neglecting privacy than its competitors. Crackers – hackers who attempt to illegally access computers and networks with malicious intent – do not confine their activities to Microsoft systems.

A flaw in the Hotmail service allowed even non-technical computer users to access the mail of its 50-million clients on Monday. The hackers identified the flaw and published it on a number of websites.

It was distressingly easy to hack into the world’s largest free e-mail service provider. Still, it would have taken time and resources to systematically mine it for useful data, such as credit card information.

There have been suggestions that the hole in the Hotmail security systems could be a “backdoor”, an access route for Microsoft programmers which was either deliberately or accidentally left behind when the service went online. Microsoft has denied this vehemently.

However, a security expert with KPMG says backdoors are common on websites, because site architects don’t think anyone will detect them.

The Microsoft disclaimer ostensibly protects it from lawsuits arising from illegitimate access to information on Hotmail.

However, the security breaches could make the company vulnerable to legal action if it is proved it was negligent in its handling of the situation.

A Microsoft representative said the company had been alerted to the security breach by European newspapers which broke the story on Monday. Microsoft took 12 hours to contain the damage.

Rather than shutting down the entire Hotmail network immediately, Microsoft handled each network server in succession – resulting in a further security breach.

One of the problems facing Microsoft is the pressure to get to market, and the company does not give its programmers sufficient time to perfect programs.

America Online (AOL), the leading United States Internet service provider, has a product called AOL Instant Messenger, which allows people online to chat directly to each other without the delays of e-mail.

Three weeks ago, Microsoft released a competitor to Instant Messenger, which piggybacked AOL’s messaging infrastructure.

The two companies got into a tussle, with AOL trying to tweak its systems to shut out the Microsoft software.

In the midst of this, it was revealed that Microsoft Messenger stores messaging passwords unencrypted. This is an extraordinarily basic error.

Another problem has been the revelation that holes in the basic infrastructure of Windows 95 and 98 leave them vulnerable to a new virus that is activated simply by reading the message. Previous viruses have had to con users into activating them.

Wired News recounted that a Microsoft developer had revealed online that security was never a concern for the company in its development of Windows 95 and 98.

Perhaps the company could be excused for Windows 95 – it had not yet cottoned on to the growth of the Internet and accompanying security concerns. But that this attitude to security persisted into Windows 98 is revealing.

Microsoft is now launching the Microsoft Passport, a service intended to make e-commerce simpler for the roving Netizen. Currently, online purchases require repeated filling out of forms and typing in of credit card numbers.

The Microsoft Passport will store all personal financial information on a central Microsoft server, and supply it to vendors with a single click.

It will undoubtedly be a useful service. Microsoft, alert to consumer concerns, will keep that information under tight digital lock and key.

But should the centralised storage of such information not be avoided altogether?

No networked system is persistently secure. Millions of credit card numbers would be an incredibly tempting target, not just because of the value of the information, but because it will be held by Microsoft.

And Microsoft is the company the world loves to hate.