Article Rating: |
||
| December 1, 2004 12:00 AM EST | Reads: |
546 |
What is being described as a "glaring" security hole in Microsoft's Windows platform, has prompted the Internet Security Foundation to releases a free protection tool, to counter identity theft. The security gaffe potentially exposes millions to identity theft.
The security flaw involves the use of asterisks or other markers, to mask user-created passwords. Nearly 86% of polled Internet users, according to the ISF, believed the passwords hidden behind the asterisks are securely protected. This is not the case.
Programs such as SeePassword (www.SeePassword.com), which is readily available and easy to use, allows "hidden" passwords to be viewed. Criminals can view sensitive information such as bank records, and other private information like credit card accounts, as a result. This comes when privacy issues are more important than ever, in an era when criminals and terrorists routines use stolen identities to perpetrate crimes.
Despite this widely known state of criminal affairs, Microsoft failed to respond to this security hole, even though they knew about it. In a November 2, 2004 PC Magazine article, Microsoft's spokesperson deflected criticism of the company's security measures, stating that if an intruder has access to a users computer, it's already too late to offer password protection.
Alex Konanykhin, chair of the Internet Security Foundation, disagrees, "The responsible thing for Microsoft to do would be to issue a security patch which would make passwords secure and preclude unauthorized access to users' online accounts." He added, "At the very least, Microsoft should have issued a security patch which would warn Windows users that such hidden passwords are not secure. Instead, Microsoft chose to ignore the issue despite our repeated warnings."
In an attempt to deal with the issue itself, ISF has released a freeware program, called AsteRisks ("Remove Risks from Asterisks") which removes unsecured passwords from user's computers, reducing the risk of password protected information getting into criminals' hands. This freeware is available for download at, http://www.internetsecurityfoundation.org
Published December 1, 2004 Reads 546
Copyright © 2004 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
May. 16, 2018 02:15 PM EDT |
By Yeshim Deniz May. 16, 2018 01:15 PM EDT |
By Liz McMillan The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...May. 16, 2018 12:45 PM EDT Reads: 10,764 |
By Yeshim Deniz May. 16, 2018 12:30 PM EDT Reads: 3,183 |
By Elizabeth White May. 16, 2018 11:45 AM EDT Reads: 2,805 |
By Pat Romanski May. 16, 2018 11:30 AM EDT Reads: 2,941 |
By Yeshim Deniz May. 16, 2018 11:15 AM EDT Reads: 2,525 |
By Liz McMillan May. 16, 2018 11:00 AM EDT Reads: 2,733 |
By Liz McMillan May. 16, 2018 10:30 AM EDT Reads: 2,838 |
By Pat Romanski May. 16, 2018 10:15 AM EDT Reads: 2,460 |


The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...






























