Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Disclaimer: I used to work for Microsoft

I think Microsoft needs to take a ton of heat for this one.

a) They outsource something running on a Microsoft domain, with the Microsoft logo, etc to an external entity, something customers wouldn't know about unless they read the ToU

b) That external entity wasn't held to even the most basic of security precautions - no MSFT online property would even be allowed to store passwords (that's the job for the LiveID guys) let alone do it in cleartext.

This is the sort of move for which people should get fired over.



This reminds me of the spate of hacks on Sony's sites. I wonder how many more MS sites are operated by third parties, and exactly how vulnerable are our personal information?

Let the heads roll.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: