
Paul Thurrott does New York!

Steven Parker on 27 October 2001 - 23:04

Here are two blurbs from our mate PT from WinInfo/WinSuperSite, who puts his oar in (just like me and Redmak did) around the launch of XP. His story is one of pictures (unlike ours).

It was a product launch like no other
Microsoft's launch of Windows XP was held at the Marriott Marquis in Times Square, New York City. The company held special events, parties, and meetings before and after the launch keynote, with key company executives making themselves available to the press. Here are some of the sights we saw this week in New York City.

You Didn't Really Think Microsoft Designed That Stuff, Did You?
This week, we learned that frog design, the legendary product-design company, created the overall visual design for Windows Media Player for Windows XP (MPXP) and the new Windows XP flag. This news should come as no surprise; Microsoft's designs all end up looking like WordPad and the command-line window in XP, which still bears the old Windows 9x-style title bar, even when it uses the new UI. Some of frog design's more famous designs include the Apple II and original Macintosh, the NeXT cube, and the Vadem Clio. But if you're wondering about the sea of blues and greens that pervade the new XP UI, wonder no more. That was all Microsoft's doing.

View: WinInfo Short Takes: Windows XP Launch Special Edition @ WinInformant
View: WinXP Launch Showcase @ WinSuperSite


Further investigation revealed postings to online bulletin boards regarding the incident. According to WhiteHat Security CEO and founder Jeremiah Grossman, 'site' hackers often accumulate cracked accounts. One such account obtained by the hackers had Rainman overhead -- meaning it had the ability to edit associated content. Once logged in, all that was needed for editing rights was a group ID and password. Group IDs are exposed in a URL when an attempt is made to access Rainman, making the password the only roadblock to unfettered access.

Apparently, when a hacker was signed into the compromised account, an AOL employee sent an instant message mistaking the individual for a co-worker. With sleight of hand and some misdirection, the AOL employee offered up the password to Rainman, as well as the password to his wife's account. In each instance, the login password for the AOL account itself was identical to the Rainman password.

The alleged hacker summed up the experience in a bulletin board posting. "I hopped on it the other day and got a message from a coworker telling me about how he uploaded the new version of the economist and found out that he also used 'my' account. To make a long story short...I told him I was locked out of my account and he gave up the password. The next day I figured I could extort the rainman password out of him and I later found out...He also gave me the rainman password for his wifes account who also has rights to those keywords. It turned out that her logon password was also the same as here Rainman password but was bound to a Securid key." (sic)

Reports indicate that a brute force style program dubbed "Rainstorm" may have been used in the attack as well. However, all indications BetaNews has received point to human error as being a principal and deciding factor.

According to Grossman, "AOL and its staff require increased enforcement of security guidelines and policies when it comes to user account security, whether it be an internal AOL account or a user account. These types of employee disclosure incidents should be allowed to take place. If employee accounts can be compromised through such modest means, what assurances do normal users have that they won't be targeted next?"

He continued, "Apparently, AOL account passwords, whether belonging to employees and/or users, need stricter requirements. Requirements such as password length and sophistication have been implemented in security for quite some time. It's clear AOL has a big job and should be doing a better job in protecting accounts from this style of attack."

Despite repeated attempts to notify AOL and obtain comment, AOL did not respond by press time.
