Microsoft shuts down online store

Microsoft has acknowledged that it shut down an online Microsoft Developers Store on 10 January to look into a possible security...

Microsoft has acknowledged that it shut down an online Microsoft Developers Store on 10 January to look into a possible security hole.

The alleged problem involves a defective script, according to a posting on Web site. The script allegedly has a hole, which a hacker could potentially use to obtain customer information from the site.

The online store is a Web site used by software developers to download product betas, evaluation kits and other information.

Cesar Cerrudo, the developer from Argentina who posted the report about the alleged flaw on 10 January, said in his post: "I don't know when they gonna fix it, so don't put your personal info there until they fix it".

Cerrudo said he stumbled upon the security hole while he was shopping on the site. He notified Microsoft of the hole by e-mail, but did not get a response. After waiting 14 hours he posted a message with SecurityFocus.

A Microsoft spokeswoman said the site was shut down after the company was notified by a list moderator at SecurityFocus of Cerrudo's posting. The site is hosted by a third-party vendor for Microsoft and is not linked to any Web sites on Microsoft's own network, the spokeswoman said.

The company is investigating Cerrudo's claim, she continued. "Microsoft as a company is vigilant about taking reports like this seriously," the spokeswoman said. She could not say when the site would go back online.

Charles Kolodgy, an analyst at IDC, said such security problems are everywhere.

"It's a whole software thing, It's not just a Microsoft thing," Kolodgy said. " I think these things just continue to show that we need more discipline in the way that software is developed and coded."

Read more on Business applications

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...