Feeds

Microsoft mole spills beans on weenies

Relic of the browser wars, staffer claims

  • alert
  • submit to reddit

The essential guide to IT transformation

A mole working at Microsoft in Redmond has described in detail the process that culminated in a FrontPage security bug that unfolded its wings and started occupying hectares of column inches last week. The source, who asked that he not be named for fear of losing his livelihood, said that the bug, which includes language demeaning to male Netscape engineers, said that rather than it being a so-called "back door" which can be used to bring down Web servers, it is actually a security bug. He said: "The person attempting access would already have to have Author permission to the FrontPage web, and then they could only gain access to ASP (and Global.asa) pages. Plus, they would have to know the name and exact location of the file they were attempting to gain improper access to." The DLL which is at the core of the problem, DVWSSR.DLL, is old code, he added. "In fact, it is over three years old, and was written back at the height of the so-called 'Browser Wars'. "We wanted to research the issue fully and guarantee the fixes, then write a KB, which has to be reviewed and sent to Legal. That is a bloody paperwork trail. According to the KB I was proofing, there are a few fixes. "You can either delete the file from the root web and all sub-webs, upgrade to FP 2000 extensions, or upgrade to W2/IIS 5," he said. "The file's functionality is to provide Link View in, if I remember correctly, Visual Interdev 1.0. If you're willing to lose that one feature, kill the file. Else just upgrade to the new extensions. "As for us taking it seriously, Hell Yes we do! First off, it was damned stupid and bloody irresponsible. It also is a severe violation of Corporate Policy. I wouldn't be surprised if someone does lose their job over it - if they're still with Microsoft - and personally I hope they're canned". ® Related Story Weenie jibe in FrontPage leaves MS web servers wide open

Build a business case: developing custom apps

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
Class war! Wikipedia's workers revolt again
Bourgeois paper-shufflers have 'suspended democracy', sniff unpaid proles
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.