-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft admits to zero-day threat to IE6 and IE7
,----[ Quote ]
| Microsoft has published Security Advisory
| (977981), confirming reports of a "zero day"
| vulnerability in Internet Explorer 6 SP1 and
| IE7. If you were thinking of upgrading to
| IE8, this would be a good time to do it.
| Microsoft says there have been no known
| attempts to exploit the security hole, but
| this could change at any time.
`----
http://www.guardian.co.uk/technology/blog/2009/nov/24/ie6-ie7-browser-security-flaw
Microsoft Tries To Silence Revelation Of Bing Cashback Flaws;
Leads To Revelation Of Other Problems
,----[ Quote ]
| I'd been meaning to write this up for about
| a week, but finally got it around to it,
| just in time to add some additional info.
| First up, though, comes the news that
| Microsoft's legal department demanded a
| blogger remove a blog post about flaws in
| Bing's Cashback offer (Microsoft's attempt
| to bribe users to search via Bing instead of
| Google). One of the methods for the cashback
| offer involved pixel tracking, and blogger
| Samir Meghani noted that this was easily
| gamed to post fake transactions to your
| account. He also noted problems with the way
| Microsoft used sequential IDs, allowing
| potential scammers to "deny cashback rebates
| to legitimate users by using up available
| order ID numbers." Instead of dealing with
| these flaws, Microsoft lawyers sent a cease-
| and-desist and forced the blog post offline.
| I'm actually quite surprised this hasn't
| received a lot more attention.
`----
http://techdirt.com/articles/20091114/1839216938.shtml
Recent:
Bing hit by costly security loophole
http://www.guardian.co.uk/technology/2009/nov/11/bing-loophole
Bing cashback exploit discovered, Microsoft sends in lawyers
http://www.neowin.net/news/main/09/11/10/bing-cashback-exploit-discovered-microsoft-sends-in-lawyers
Microsoft Stifles Information on Bing Cashback Error
,----[ Quote ]
| Microsoft has brought out its legal hammer
| against a businessman who publicized a
| problem with an incentive program run
| alongside the company's Bing search engine.
`----
http://www.pcworld.com/businesscenter/article/181806/microsoft_stifles_information_on_bing_cashback_error.html
Surrendering to Microsoft and Bing Cashback
,----[ Quote ]
| The purpose of my post was to show an
| implementation problem, not to encourage
| defrauding Microsoft. I am surprised they
| would go through this much trouble to make
| me take down information that is obvious
| to anyone reading their documentation. I
| donât like dealing with lawyers, so Iâve
| decided to comply with their request. The
| post is gone. I will still write a ânon-
| technicalâ post on all the problems I see
| with Bing Cashback in the next few days.
`----
http://bountii.com/blog/2009/11/07/surrendering-to-microsoft-and-bing-cashback/
Microsoft Tries To Censor Bing Vulnerability
,----[ Quote ]
| Microsoft's bing search engine has a
| vulnerability with its cash-back
| promotion, which impacts both merchants
| and customers. In traditional Microsoft
| fashion, the company has responded to the
| author of the breaking bing cashback
| expoit with a cease & desist letter,
| rather than by fixing the underlying
| security problem.
`----
http://yro.slashdot.org/story/09/11/09/2319233/Microsoft-Tries-To-Censor-Bing-Vulnerability?from=rss
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksMhs8ACgkQU4xAY3RXLo5xaACffRSxH9Mn62jpxaHiDXLkJrYz
ucIAn0mNRYx5QcYs8PedK/P13f54yGbx
=oVz/
-----END PGP SIGNATURE-----
|
|
