By Clint Boulton, InternetNews.com
Unidentified Microsoft
Corp. engineers have created a backdoor password in some of the
company’s Net software that may be used to gain illegal access to
sites all over the world.
Two security experts reportedly found the secret code, which
poked fun at rival Netscape’s engineers, referring to them as
“weenies,” the Wall Street Journal reported Thursday.
Steve Lipner, manager of Microsoft’s security-response center,
said such a backdoor password as “absolutely against our policy”
and a firing offense for the as yet unidentified employees.
The company said it would give clients, many of whom include
giant Net hosting providers, a heads up with an e-mail bulletin and
an advisory published on its corporate Web site. Microsoft (MSFT)
urged customers to delete the file called “dvwssr.dll,” which
houses the offending code. The file is installed on the firms
Net-server software with Frontpage 98 extensions.
Although no reports have surfaced claiming the alleged security
flaw has been exploited, the affected software is believed to be
used by many Web sites. Should hackers take advantage of the
backdoor, they could gain access to key Web site management files,
which could yield customer credit card numbers, said security
experts who discovered the password.
It is believed that the code was written by a Microsoft engineer
during its browser wars with Netscape Communications.
The bug was discovered by Alf Serer from ClientLogic.com. He tipped off a
fellow expert, known only as “Rain Forest Puppy,” who confirmed the
backdoor after testing. RFP said the degrading “Netscape engineers
are weenies!” line was used repeatedly as a constant key.
“I was told by MS that only individuals with Web authoring
permission can use it, which is more than I had originally thought.
But it’s not as widespread as, say, RDS,” RFP said.
“Regardless of it’s actual purpose, or Microsoft’s intent, I
think the core interesting issue is that Microsoft literally coded
(or allowed) a .dll who used a static key such as “Netscape
engineers are weenies!”
The code, and additional comments by RFP, may be seen here.
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.