Microsoft Acknowledges Hidden Filegreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread |
Microsoft Acknowledges Hidden File Secret Message Was Aimed At Rival Manager Will Fire Those Responsible No Reports Of Hackers So FarNEW YORK AP CBS Microsoft Corp. engineers included a secret password in Internet software that could be used to gain illegal access to hundreds of thousands of Web sites, The Wall Street Journal reported Friday.
The rogue computer code was discovered in a three-year-old piece of software by two security experts. Contained within the code is a derisive comment aimed at a Microsoft rival: "Netscape engineers are weenies!"
Steve Lipner, who manages Microsoft's security-response center, described such a backdoor password as "absolutely against our policy" and a firing offense for the as-yet unidentified employees.
There have been no reports of site access through the code, but the affected software is believed to be used by many Web sites.
The file, called "dvwssr.dll" is installed on Microsoft's Internet-server software with Frontpage 98 extensions. By using the so-called backdoor, a hacker may be able to gain access to key Web site management files, which could in turn provide a road map to such things as customer credit card numbers, the Journal reported.
One of the security experts, Russ Cooper, says the risk is bigger with commercial Internet hosting providers, which maintain thousands of Web sites for a slew of organizations.
It was apparently programmed by a Microsoft employee when Netscape and Microsoft were at war over their version of an internet browser, according to the Journal. Eventually American Online Inc. acquired Netscape.
The Journal reported that an engineer from Netscape called the hidden file a "classic engineer rivalry."
Microsoft urged customers to delete the file and planned to warn customers with an e-mail bulletin and an advisory published on its corporate Web site.
Copyright 2000 CBS Worldwide Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.
) 2000, CBS Worldwide Inc., All Rights Reserved. Please click here for more copyright information.
http://cbs.aol.com/flat_story_183988.html
-- Martin Thompson (mthom1927@aol.com), April 15, 2000