Microsoft shuts down access to your boss's CV

Hole plugged, nothing to see here, move along...
Written by Joey Gardiner, Contributor

Hole plugged, nothing to see here, move along...

Microsoft has responded to its latest security gaffe and patched a hole in its website for Microsoft Certified Professionals (MCPs). As revealed exclusively by silicon.com last week, the hole gave users the potential to check other people's qualifications online - one silicon.com reader discovered his boss hadn't passed all the exams he'd claimed. Microsoft last week refused to make a public announcement regarding the security breach, but has now admitted there was a problem and said it has patched the hole. In a statement issued today, the company said it regretted compromising any MCP exam histories: "There was a situation where an unauthorised user could gain access to exam histories. The problem was caused by a failure to follow our standard operating procedures, which would have enabled proper security around this application. "The problem was corrected and there is no longer unauthorised access to the information." The hole in the personalised sites for MCPs - IT professionals who have passed the Microsoft exams - could allow surfers to view anyone else's details online if they merely knew their MCP number. MCP numbers are often public knowledge, as they are on cards issued to all successful students, and are often produced as proof of qualifications to gain employment. Many MCPs carry the number on their business cards. The MCP hole is just another example of the security problems that have been plaguing Microsoft in recent months. The software giant has been roundly criticised for the security holes which allowed viruses such as Nimda and Code Red to circulate, as well as the much-publicised problems with Internet Explorer and Hotmail.
Editorial standards