[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Secret Code in Microsoft Software

--/    Bisher nur in der Presse & im Heiseticker
( http://www.heise.de/newsticker/data/nl-14.04.00-000/ ), 
auf den einschlaegigen Webseiten fuer Sicherheitsangele-
genheiten habe ich noch nichts gefunden. /--



NEW YORK (AP) - Microsoft Corp. (NasdaqNM:MSFT - news) engineers 
included a secret password in Internet software that could be 
used to gain illegal access to hundreds of thousands of Web sites, 
The Wall Street Journal reported today.

The rogue computer code was discovered in a three-year-old piece 
of software by two security experts, the newspaper said. Contained 
within the code is a derisive comment aimed at a Microsoft rival: 
``Netscape engineers are weenies!''

Steve Lipner, who manages the company's security-response center, 
described such a backdoor password as ``absolutely against our po-
licy'' and a firing offense for the as-yet unidentified employees.

There have been no reports of site access through the code, but the 
affected software is believed to be used by many Web sites. The file, 
called ``dvwssr.dll'' is installed on Microsoft's Internet-server 
software with Frontpage 98 extensions. A hacker may be able to gain
access to key Web site management files, which could in turn provide 
a road map to such things as customer credit card numbers, The Jour-
nal reported.

Microsoft urged customers to delete the file and planned to warn 
customers with an e-mail bulletin and an advisory published on its 
corporate Web site.