Scott Rosenberg takes on the Hotmail “security hole” in his column this week. I use the quotation marks because this isn’t a security hole in the traditional sense. A security hole exists when you write bad C code with buffer overflows that allow hackers to execute priveleged commands by sliding them onto the stack. In this case, the programmers at Microsoft created a back door into a service that provides 50 million users with email on purpose, and hoped that nobody figured out where it was. Not only was the back door there, but it was pathetically simple to walk in through. This security hole is a failure at a far more troubling level than a failure to adequately test your code. These guys failed at testing their basic assumptions.
Scott Rosenberg takes on the Hotmail “security hole” in his column this week. I use the quotation marks because this isn’t a security hole in the traditional sense. A security hole exists when you write bad C code with buffer overflows that allow hackers to execute priveleged commands by sliding them onto the stack. In this case, the programmers at Microsoft created a back door into a service that provides 50 million users with email on purpose, and hoped that nobody figured out where it was. Not only was the back door there, but it was pathetically simple to walk in through. This security hole is a failure at a far more troubling level than a failure to adequately test your code. These guys failed at testing their basic assumptions.
Commentary
Previous post
Next post