This Passport PREVENTS Travel! See update below article and a ZDNet Article
and a Register article
by Mike Banks Valentine
SIGN OUT OF PASSPORT
Last week Microsoft bCentral required all users of it's ListBuilder
Service to sign up for and use the Microsoft .NET passport system
by converting to that system before allowing log-in to their
existing accounts.
I normally distribute my list through ListBuilder on Sunday evening
for delivery by Monday morning to my subscribers. I got NO NOTICE
there was to be a change to the system until I tried to log in to
my list last Sunday evening, December 3, and couldn't.
The sign in system crashed my Netscape Browser twice, so I opened
up Explorer 5 and it just locked into a loop of agreeing to the
terms of service, I mark the "Agree" radio button and click "next"
to be returned to the terms of service agreement over and over again.
I give up with Explorer and return to Netscape. Now my computer
freezes entirely. I give up after 2 hours of trying different
approaches. The "Help" screen is worthless.
Monday A.M. I try to log in again on Netscape and go through the
process again at bCentral. Now when I click the "Next" button
. . . NOTHING HAPPENS AT ALL! I open Explorer 5 and try again to
get back to the terms of service feedback loop once again. Click
the button that says "I Agree" to the TOS and get returned back
the default "I do not agree" button checked over and over again.
I call customer support. I wait on hold for 45 minutes before
giving up fed up with the awful loop of loud Christmas music
I've heard repeatedly, along with that wonderful recorded, "All
of our customer service representatives are busy. Please hold
and your call will be answered in the order received" Well either
there is one person that can't get satisfaction who won't hang up
or there are six hundred angry callers ahead of me (or both).
I give up. I try again, for a WEEK!
I still don't have my ezine out two issues later, I still can't
get through the customer support phone waiting list. I sent an
email to bCentral support and got no answer. I have a paid
advertiser for the ezine and now I've got to explain that I'm
locked out of my list host and refund the money.
This has got to be one of Microsofts' finest hours. I could care
less about passport as I never intend to use it for anything but
this service and will not share my personal info with them to save
my life after this debacle. So I'm willing to sign up for passport
for ListBuilder only, but all I want to do is access and distribute
my newsletter! My subscribers and advertisers will love me for
this absurdity!
After attempting for a full week to send out two issues of my
newsletter, that I can't get by the ridiculous feedback loop of
agreeing to the terms of service over and over again or getting
signed in with the passport I create but then being prompted to
convert my account to passport. When I follow instructions I
still get the following message.
"The Microsoft .NET Passport you used to sign in is valid,
but we cannot locate your bCentral account"
When I attempt to convert again, I get the message over again.
I still can't get through on the phone and cannot afford to
spend much more time trying.
They have not answered my queries sent to support and now I've
gone two weeks without sending my newsletter out. I sent a post
to LinkExchange Digest, but of course as a Microsoft sponsored
publication, they won't publish my complaints.
I'm locked out of my account, I have only a two month old
subscriber list for backup and I can't get any attention. This
is the most absurd thing I've seen since trying to change
registrars from Network Solutions to a helpful and reasonable
vendor that charges less and actually talks to me when I need
help.
We're forced to use passport, but then can't convert from our
previous account when we establish a passport. This behavior
could only come from a corporate behemoth that doesn't give a
flying @#$% about individual customers. Only the mass market.
And then only when they don't complain.
I found a page at bCentral for support phone calls and found
that phone support costs $9.95 monthly with a minimum commitment
of one year! or you can save $20 and pay for the year in advance.
So, in essence, you can pay us now or pay us more now. But wait,
at the bottom of the page it says the following:
bCentral Subscriber Phone Support is available to current
subscribers of:
Traffic Builder
Commerce Manager
Customer Manager
So the truth is that you can't even PAY to talk to them about
ListBuilder! Does anyone find this in the least bit objectionable?
I've never seen worse customer service for paying customers
anywhere!
Can you imagine signing up for the .NET passport zwallet and
getting this kind of help when they have control of your money
at (if they get the adoption they are hoping for) HUNDREDS or
even thousands of sites across the web? This ought to be a
warning call for those considering handing over personal
information to passport and .NET and a clear signal that
they won't provide customer support when you have trouble
with it.
--------------------------------------------------------
Mike Valentine does Search Engine Placement for the Small
Business http://SEOptimism.com
WebSite101 "Reading List" Weekly Netrepreneur Tip Sheet
Weekly Ezine emphasizing small business on the Internet
http://website101.com/arch/
Microsoft Admits to Glitch
In Passport Identity Service
Associated Press, Thursday May 8, 2003
WASHINGTON -- A computer researcher in Pakistan discovered how to breach Microsoft Corp.'s
security procedures for its popular Internet Passport service, which is designed to protect
customers visiting some retail Web sites, sending e-mails and in some cases making credit-card
purchases.
Microsoft acknowledged the flaw affected all of its 200 million Passport accounts but said it
fixed the problem early Thursday, after details were published on the Internet. Product Manager
Adam Sohn said the company was unaware of hackers actually hijacking anyone's Passport account,
but several experts said they successfully tested the procedure overnight.
In theory, Microsoft could face a staggering fine by U.S. regulators. Under a settlement with
the Federal Trade Commission last year over lapsed Passport security, Microsoft pledged to take
reasonable safeguards to protect personal consumer information during the next two decades or
risk fines up to $11,000 per violation.
The FTC said it was investigating this latest lapse. The agency's assistant director for
financial practices, Jessica Rich, said Thursday that each vulnerable account could constitute
a separate violation -- raising the maximum fine that could be assessed against Microsoft to
$2.2 trillion.
"If we were to find that they didn't take reasonable safeguards to protect the information,
that could be an order violation," Ms. Rich said.
The researcher, Muhammad Faisal Rauf Danka, determined that by typing a specific Web address
that included the phrase "emailpwdreset," he could seize any person's Passport account and
change the password associated with it.
Mr. Danka, who described himself as a private security consultant, said he discovered the flaw
after Passport accounts belonging to him and a friend both were hijacked repeatedly. He made
certain no one had hacked his own computer, then checked the security for the Microsoft Web
site that controlled Passport accounts.
Mr. Danka said he discovered the vulnerability about four minutes after he began searching in
earnest. "It was so simple to do it. It shouldn't have been so simple," Mr. Danka said in a
telephone interview from Karachi. "Anyone could have done this."
Mr. Sohn acknowledged Microsoft should have been rejecting such transmissions from anywhere
outside the company's own network. Microsoft shut down the affected Web address late Wednesday
night, more than one hour after details were published on the Internet. Those filters were
permanently set in place early Thursday, Mr. Sohn said.
"We didn't validate the input," Mr. Sohn said. "We allowed somebody external to do something
only the system itself should be doing. Somebody plumbed around...and figured out they could do
this."
Services such as Passport promise consumers a single, convenient method for identifying
themselves across different Web sites, encouraging convenient purchases online of movies,
music, travel and banking services.
Passport, which is closely tied to Microsoft's flagship Windows XP software, is integral to its
most important upcoming technology services. Dozens of retail Web sites use it already, and
Passport controls access for Windows users to the free Hotmail service and instant-messaging
accounts.
Using Passport, consumers could entrust Microsoft or other organizations to centrally hold
their personal information -- such as credit-card numbers or medical records -- and make it
available whenever needed.
The FTC last year determined that Microsoft made deceptive claims and misrepresented the
security surrounding the design and use of Passport. The FTC found that Microsoft exaggerated
promises about its safety.
"The FTC needs to investigate and aggressively enforce the settlement," said David Sobel, a
lawyer for the Electronic Privacy Information Center in Washington. "It's an important test of
the government's ability to ensure real security in the handling of personal information. There
needs to be consequences for security flaws."
Mr. Sobel's privacy group was among those that had made formal complaints about Passport, which
led to the FTC settlement.
"If the passport office of any nation in the world had a security record like Microsoft's, no
immigration officer would accept their passports," said Jason Catlett, head of Junkbusters
Corp., a privacy group in New Jersey that also had complained to the FTC.
Copyright (c) 2003 Associated Press
Microsoft Passport Investigation Docket from Electronic Privacy Information Center
--------------------------------------------------------
WebSite101 "Reading List" Weekly Netrepreneur Tip Sheet
Ezine emphasizing small business online http://website101.com/arch/
e-tutorial online at: http://website101.com/shortcourse.html
By week's end you're ready expand your business to the web!
--------------------------------------------------------
