Microsoft glitch reveals email passwords
August 19, 1999
Washington — Microsoft Corp. is promising to fix by this week’s end a bug in its new Internet chat software that permits co-workers and others to see a person’s e-mail password.
The glitch in the company’s new MSN Messenger software means that others who have access to a person’s computer could impersonate that person to read and even send e-mail using his Hotmail account without anyone’s knowledge.
Microsoft said that even if customers delete their saved password and enter it manually, it still becomes visible if another person types a specific sequence of keystrokes on that computer.
Microsoft, whose software runs most of the world’s personal computers, said it was made aware of the bug earlier this week but promised to fix it by week’s end.
Deanna Sanford, the product manager for MSN, said the bug’s ill effects were mitigated because a person must have physical access to the victim’s computer, meaning the problem will be worse in offices where co-workers share machines than for home users.
”In a shared office environment, if you trust the people you work with, this will probably never be an issue,” Sanford said. But she said Microsoft recommends protecting each computer with a password.
Recommended Stories For You
The problem was the latest embarrassment for Microsoft over its attempt to capture part of the burgeoning market for Internet chat software, currently dominated by America Online Inc.’s Instant Messenger software.
When Microsoft unveiled its chat software earlier this month, AOL complained that Microsoft engineers had hacked into its proprietary network to let MSN customers communicate with AOL’s customers.
AOL successfully blocked Microsoft’s software several times, but with each attempt Microsoft redesigned its chat software to bypass AOL’s blocking attempts.
MSN Messenger customers currently can chat with people using AOL’s software, and Microsoft in a bid for the moral high ground announced earlier this week it will release its software protocols so that other companies can design software that interpolates with MSN.
The latest Microsoft bug occurs when customers use the software to check their e-mail using Microsoft’s popular Web-based Hotmail service. If a person stops the resulting Internet page from loading and looks at the underlying software code which requires merely three clicks with the mouse the user’s e-mail name and password are displayed.
Sanford said Microsoft will scramble the information in the upcoming patched version using encryption technology.