Journal mnordstr's Journal: Microsoft Store Offline After Insecurity Exposed
I ran across this article at Newsbytes which shows that not even Microsoft's "skilled" programmers can make safe web applications for their insecure software.
"An online store operated by Microsoft Corp. [NASDAQ: MSFT] for software developers was unavailable today following reports that a security flaw gave visitors the ability to take control of the site, including access of customer data.
The Microsoft Developer Store, located at http://developerstore.com , used an insecure script to enable users to search for products in a Microsoft SQL database, according to an advisory posted today by an Argentinean security researcher to an online security mailing list.
As a result of the vulnerability, malicious users could have caused the Microsoft server to execute any command, according to the message posted to Vuln-Dev by Cesar Cerrudo."
"An online store operated by Microsoft Corp. [NASDAQ: MSFT] for software developers was unavailable today following reports that a security flaw gave visitors the ability to take control of the site, including access of customer data.
The Microsoft Developer Store, located at http://developerstore.com , used an insecure script to enable users to search for products in a Microsoft SQL database, according to an advisory posted today by an Argentinean security researcher to an online security mailing list.
As a result of the vulnerability, malicious users could have caused the Microsoft server to execute any command, according to the message posted to Vuln-Dev by Cesar Cerrudo."
Microsoft Store Offline After Insecurity Exposed More Login
Microsoft Store Offline After Insecurity Exposed
Slashdot Top Deals