Microsoft's Passport System Deeply Flawed
Marc Slemko, a software developer, developed a technique to steal a person's Microsoft Passport, credit card numbers and all, simply by getting the victim to open a Hotmail message. He cobbled together this technique in just half an hour. Slemko withheld publication of the flaws until Microsoft had an opportunity to correct them. The attack renews questions about the inherent security of Passport, which Microsoft is positioning as the linchpin of its .NET e-commerce service initiative. Slemko argues that "Passport's greatest marketing strength -- the single sign-on -- is also its chief technical weakness."
Stealing MS Passport's Wallet, Wired News, November 2, 2001
Risks of the Passport Single Signon Protocol, AT&T Labs - Research