A serious flaw in .NET Passport Accounts is fixed just a few hours ago:
Read here:http://www.neworder.box.sk/explread.php?newsid=7951
Printable View
A serious flaw in .NET Passport Accounts is fixed just a few hours ago:
Read here:http://www.neworder.box.sk/explread.php?newsid=7951
The .NET is misleading here. Passport really has nothing to do with .NET
It seems so, but you can integrate it in your ASP.NET web based programs. However the point is they way MS deals with this kind of serious problems, that sometimes is ignoring and patching silently.
My only problem with the headline, is that it got every little anti-MS/ anti-.NET/ pro-Java troll, screaming how .NET is broken, crappy, and vulnerable!
:rolleyes:
Man If i had a gun...
Imagine you are the boss in an enterprise company and have paid $34500 for a 3 years contract for .NET Passport, then some little kid breaks down your systems with that flaw, then Man, if only you had a gun :p
Man I wouldnt use Passport/ nor Liberty for that matter.
The year before last at VSLive, a MS developer asked who here plans on using Passport. Only 1 hand raised. He even mad a gag sound when he asked! In general , I beleive 99% of developers, even some developers at Microsoft could give a rats ass.
;)
I heard the same thing from the guys at the VS.Net launch.
To me, it is worthless. One password to do many things is totally insecure in my book. You should have many passwords to do many things. The Passport thing is great in theory, but there will always be holes that can be exploited. The more people using a service like Passport, the more people will try to break it. Look at MS Windows now. It only has so many vulerbilities because almost everyone is using it, and since that is the case, almost all hackers are trying to break into it. Nothing will be 100 percent secure.
You have a much better chance at keeping things safe if you have seperate logons to each place you require one. This at least helps that if one place gets broken into, then just that one place is affected, the rest is safe.
moreover ,if I'm not wrong , these passports are very expensive .
About the only thing I ever used PassPort for is to sign into the MSN gaming community (because its requireD)....
But as was mentioned above, I don't think anyone can realistically create a store once and be secure password. Murphy's law demands it will fail... so why would anyone put all their eggs in one basket?
well like the last guy said(sorry im too lazy to look at the nick at this hours of the night) i only have msn for playing in zone.com becasue it is required altogh it raised a lot of other problems..it simply sucks...........
I was a system admin for a long time, and one of the things that stuck with me was putting all your user security in one place - one PUBLIC place with a big fat red target circle on it - is just plain nuts. Anybody who hops on that bandwagon kind of deserves to get burned, maybe someday the admin market will turn around and stop being low-bid like it is now.