Tuesday, January 04, 2005

Commercial Impact of Weak Security



According to CIO's October 2004 survey on IT spending in 2005, 69% of respondents agreed that they will increase their spending on IT security. The anticipated increase ranged from 15% on the higher side to 6% on the lower side.


I came across another article from Internetnews.com, "eBay Moves on Without Passport". Excerpts from it are given below.

While a well-implemented and widely accepted service that allows shoppers to move from store to store without having to register with each separately could be a boon to e-commerce, experts agree that Microsoft's security issues have left users hesitant.

In a notice released late Wednesday, eBay said members will have to sign in through eBay directly starting in late January.

"Once this takes place, the Microsoft Passport button that is currently displayed on Sign In pages will be replaced with links to a page with more information, including Help in case you cannot remember your User ID or password," the notice said.

eBay also said it will discontinue sending eBay Notifications through Microsoft .NET alerts, and recommended that users who would like to continue receiving auction updates will be able to sign up and get them through their mobile phone or PDA.

Microsoft, meanwhile, has nixed its site directory for Passport, although Passport will be very much a way of life for users of Microsoft's Web sites, such as its e-mail offering Hotmail.

"We have discontinued our Site Directory, but you'll know when you can use your Passport to make sign-in easier. Just look for the .NET Passport Sign In button!" a notice on its Passport site said.

In October, online job listing company Monster.com stopped using Passport after three years as a partner.

The latest move from eBay raises the question of whether Passport has a future in Redmond's vision of using the sign-on system for accessing secure Web services.

Many analysts believe Web services, distributed computing that allows applications to communicate with one another, will only work if vendors can promise safe, trustworthy single sign-on services to users. For example, experts expect a combination of single sign-on and Web services to enable shoppers to purchase goods in a mall through a handheld computer.

But Microsoft has been faced with mounting concerns about security due to a rash of security issues in its Windows operating system and IE browser. The problems have left some customers and partners leery about subscribing to Passport or other services that require users to provide their personal information, such as address and credit card data.

The situation wasn't helped in 2003 when two security analysts for Gartner urged financial institutions and other enterprises to stop using Microsoft's .NET Passport service.

"Microsoft failed to thoroughly test Passport's security architecture, and this flaw — uncovered more than six months after Microsoft added the vulnerable feature to the system — raises serious doubts about the reliability of every Passport identity issued to date," according to a report at the time by John Pescatore and Avivah Litan for Gartner.

"Passport lost momentum a long time ago, and now we have significant evidence of market erosion. I'm sure this is not the last such case we'll hear about," Forrester security analyst Jonathan Penn said.

"Remember, eBay is being hit by fraud via phishing and keystroke logging attacks on its customers," he said. "The last thing they need to worry about when dealing with all these account compromises is an open door over which they have no control. The security weaknesses and lack of control participating organizations have in Passport (being a centralized, MS-run service) is undoubtedly a big factor behind eBay's decision."

The company also faces tough competition regarding single sign-on and authentication systems. HP, Sun Microsystems, and others offer their own federated identity service through the Liberty Alliance, which IBM joined in October along with seven other members.

"Authentication remains a widespread industry issue," Earl Perkins, a security analyst at META Group, said of Liberty at the time. "An organization capable of leveraging support from influential companies across industries and developing a model that makes strong authentication convenient, affordable, and interoperable between infrastructures and authenticators... is well-positioned to drive widespread adoption."

I have met a whole bunch of MS evangelists who advocate, and sometimes preach, that MS products are supposed to be the world's best, to the extent of de-selling Linux and Unix based products (the favourite argument of these guys is: which version of Linux? Which build of UNIX?).

I suggest the MS guys need to be mature enough to compare themselves, as they don't even know that the above is evidence enough to be quoted that organisations lose their competitive edge, as well as get hit badly on the bottom line, with divorce incidents like the above.

If you read the above blog, why not sound off your wisdom as a comment?
