- Microsoft has this week acknowledged that it shut down a website for an online Microsoft Developers Store last Thursday to look into a possible security vulnerability that could compromise customer information.
The alleged security problem involved a defective script used in the creation of the website, according to a posting by a developer at the SecurityFocus.com website. The script allegedly had a hole allowing access by an intruder, who could then obtain customer information from the site.
The store is a site used by software developers to download product betas, evaluation kits and other information.
Cesar Cerrudo, the developer from Argentina who posted the report about the alleged flaw on Thursday, said in his post, "I don't know when they gonna fix it, so don't put your personal info there until they fix it and you alredy [sic] do it humm...it's your problem :). Hey, Microsoft people, why don't you test your webapps?"
Cerrudo, reached today by telephone at his home in Parana, says he stumbled upon the security hole while he was shopping on the site for a beta copy of the latest Microsoft Visual Studio software. After he found the alleged flaw, he says he emailed Microsoft to notify the company but didn't get a response after 14 hours.
That's when he posted a message with SecurityFocus, he says. He still hasn't heard back from Microsoft, he says.
A message posted by Microsoft on the website says the "Microsoft Developer Store is temporarily unavailable."
A Microsoft spokeswoman says the site was shut down after the company was notified by a list moderator at SecurityFocus of Cerrudo's posting. The site is hosted by a third-party vendor for Microsoft and isn't linked to any websites on Microsoft's own network, the spokeswoman says.
The company has been reviewing the post's claim and is working to see if there are are any problems that need to be fixed, she says. "Microsoft as a company is vigilant about taking reports like this seriously," the spokeswoman says. She wasn't sure when the site would go back online.
Charles Kolodgy, an analyst at International Data Corporation in Framingham, Massachusetts, says such security problems are everywhere.
"It just always goes back to the idea that software is complex," Kolodgy says. "It's a whole software thing. It's not just a Microsoft thing. I think these things just continue to show that we need more discipline in the way that software is developed and coded."