A bug in Microsoft Corp’s MSN Messenger software, the Redmond giant’s rival to America Online Inc’s hugely successful Instant Messenger and ICQ, has left Microsoft with egg on its face. Under certain conditions, the bug lets users of MSN Messenger determine the passwords to other people’s Hotmail email accounts. Microsoft executives downplay the problem on the grounds that the attacker must have physical access to the victim’s PC. All that really means, though, is that business users may be at greater risk than people using the software from home.
The security flaw leaves Microsoft in an embarrassing position. Last month it launched MSN Messenger against AOL’s rival technologies, complete with the ability to access AOL’s buddy lists. Every time AOL tried to block access to the valuable lists, Microsoft would patch its software to route around the block. AOL argued that the block was necessary in case MSN Messenger posed a security threat to other users of instant messaging software. Until Microsoft fixes the bug – which it promises to have done by Monday August 23 – it will have a hard time arguing that this is not the case.
Earlier this week, Microsoft surprised observers by announcing plans to publish the protocols behind MSN Messenger. In an ironic twist, Microsoft has become the industry’s leading advocate for an open standard in instant messaging software, while AOL attempts to defend its proprietary products. The resulting stalemate has led IP telephony consultant Jeff Pulver to call a closed-door summit in New York on Wednesday September 8 1999. Pulver says more than 40 companies have confirmed that they will attend. What he won’t say is whether that number includes Microsoft or AOL. รก
