Hackers could steal credit cards from ‘e-wallet’ technology
Microsoft Corp. acknowledged that its “Passport” technology for safeguarding Internet purchases has a serious design flaw that could have allowed hackers to steal credit card numbers and personal information.
2 million customers use the “e-wallet” feature of Passport that was vulnerable, but there was no evidence of any theft. It temporarily shut down access by all consumers to their virtual wallets starting Wednesday for repairs to the network and testing. That move inconvenienced buyers at roughly 70 e-commerce Web sites that support Microsoft’s wallet technology, called “Express Purchase.”
Overall, up to 200 million people have signed up for Passport accounts, which are nearly impossible to avoid under Microsoft’s new Windows XP operating system. Passport promises consumers a single, convenient method for identifying themselves across different Web sites.
“We do not believe customer data was compromised in any way,” Microsoft spokesman Adam Sohn said Friday. “We know we’ve got to build and earn trust for (Passport) to be successful. We’re taking the right steps to do that.”
Users of Windows XP software were never vulnerable because of additional security measures built in, Sohn said.
News source: msnbc
Microsoft Corp. acknowledged that its “Passport” technology for safeguarding Internet purchases has a serious design flaw that could have allowed hackers to steal credit card numbers and personal information.
2 million customers use the “e-wallet” feature of Passport that was vulnerable, but there was no evidence of any theft. It temporarily shut down access by all consumers to their virtual wallets starting Wednesday for repairs to the network and testing. That move inconvenienced buyers at roughly 70 e-commerce Web sites that support Microsoft’s wallet technology, called “Express Purchase.”
Overall, up to 200 million people have signed up for Passport accounts, which are nearly impossible to avoid under Microsoft’s new Windows XP operating system. Passport promises consumers a single, convenient method for identifying themselves across different Web sites.
“We do not believe customer data was compromised in any way,” Microsoft spokesman Adam Sohn said Friday. “We know we’ve got to build and earn trust for (Passport) to be successful. We’re taking the right steps to do that.”
Users of Windows XP software were never vulnerable because of additional security measures built in, Sohn said.
News source: msnbc
Found this in the MacNN forum and on Slashdot, explains the problem quite nicely!!!
The original installer script has the lines
- # if iTunes application currently exists, delete it
if [ -e $2Applications/iTunes.app ] ; then
rm -rf $2Applications/iTunes.app 2> /dev/null
fi
# if iTunes application currently exists, delete it
if [ -e "$2Applications/iTunes.app" ] ; then
rm -rf "$2Applications/iTunes.app" 2> /dev/null
fi
- # if iTunes application currently exists, delete it
if [ -e $2Applications/iTunes.app ] ; then
rm -rf $2Applications/iTunes.app 2< /dev/null
fi
- rm -rf /Volumes/Disk 1/Applications/iTunes.app 2< /dev/null
For those that had a problem, do you meet all the following criteria?
- 1. Did not delete iTunes 1.1
2. Had multiple volumes
3. Had similarly named volumes with spaces in their names
I can't see how the "$2" variable is built, so this is all conjecture based on the evidence and looking at the "preflight" file. Obviously, there's an issue with the installer, since Apple has now pulled it ... but if you grabbed it already, I would highly recommend you do not use it, even if you don't appear to meet the criteria listed above. Just wait for a new installer from Apple, and keep your data safe!
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.