Feeds

Microsoft .NET promo reveals personal info

Shared sauce

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Microsoft has adopted an unusual approach to community building - by disclosing the personal information of thousands of applicants for a Visual Studio web promotion.

Despite being alerted to the privacy breach, the personal details of several thousand individuals are still online.

The site, hosted by Washington DC-based marketing company MHI Communications, encouraged developers to register for a VS.NET DVD. Applicants submitted personal information, including email addresses, telephone numbers and what Microsoft products they used. This information was publicly available until earlier this afternoon, when the company was informed of the security snafu.

The page now indicates that the promotion has been suspended.

But incredibly, the personal information is still available for inspection by world+dog, as a 1.1MB text file. Rather than moving the data behind the firewall, MHI Communications simply changed the path name.

"This company doesn't seem too intelligent," said Boston, Mass.-based security consultant Jonathan Stewart who alerted both MHI Communications and The Register to the privacy breach.

It's F1 for help, right?

"The data our software and services store on behalf of our customers should be protected from harm and used or modified only in appropriate ways," wrote Microsoft chairman Bill Gates in a company-wide memo in January.

"Trustworthiness is a much broader concept than security, and winning our customers' trust involves more than just fixing bugs and achieving 'five-nines' availability… eventually, our software should be so fundamentally secure that customers never even worry about it."

MHI, which uses Windows servers for its ReplyCard service, had not returned our calls at press time. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.