Microsoft shuts down online store

News

Microsoft shuts down online store

Microsoft has acknowledged that it shut down an online Microsoft Developers Store on 10 January to look into a possible security hole.

The alleged problem involves a defective script, according to a posting on SecurityFocus.com Web site. The script allegedly has a hole, which a hacker could potentially use to obtain customer information from the site.

The online store is a Web site used by software developers to download product betas, evaluation kits and other information.

Cesar Cerrudo, the developer from Argentina who posted the report about the alleged flaw on 10 January, said in his post: "I don't know when they gonna fix it, so don't put your personal info there until they fix it".

Cerrudo said he stumbled upon the security hole while he was shopping on the site. He notified Microsoft of the hole by e-mail, but did not get a response. After waiting 14 hours he posted a message with SecurityFocus.

A Microsoft spokeswoman said the site was shut down after the company was notified by a list moderator at SecurityFocus of Cerrudo's posting. The site is hosted by a third-party vendor for Microsoft and is not linked to any Web sites on Microsoft's own network, the spokeswoman said.

The company is investigating Cerrudo's claim, she continued. "Microsoft as a company is vigilant about taking reports like this seriously," the spokeswoman said. She could not say when the site would go back online.

Charles Kolodgy, an analyst at IDC, said such security problems are everywhere.

"It's a whole software thing, It's not just a Microsoft thing," Kolodgy said. " I think these things just continue to show that we need more discipline in the way that software is developed and coded."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy