---

CNET News.com: Microsoft orders security audit after Hotmail breach

“Microsoft pulled Hotmail offline for about two hours August 30
after two European Web sites alerted the company that any Net user
could access any Hotmail account without a password as long as a
user’s name, commonly found in a Hotmail email address, was known.
…although Microsoft said it fixed the security problem the same
day, it has decided to go a step further by testing the integrity
of Hotmail, which has more than 40 million active members.

‘We have voluntarily invited a third-party firm to conduct its
own inquiry and present us with their findings,’ Microsoft
spokesman Tom Pilla told CNET News.com. Microsoft, in conjunction
with Truste, had planned to disclose the news on Monday. Truste is
a nonprofit group that acts as a privacy watchdog.”

“Microsoft wouldn’t provide the name of the auditing firm, which
will review Hotmail security but not the security of Microsoft’s
other Web sites that collect personal information from users.

The move by Microsoft was apparently prompted by complaints
made to Truste, which is expected to publish the so-called watchdog
reports publicly. Microsoft is a premier sponsor of Truste and
carries the program’s licensed seal, which informs Web users about
precautions a site is taking to protect their privacy.”

“This is not Truste’s first investigation into Microsoft privacy
practices. In March, Truste looked into a feature in Microsoft’s
Windows 98 operating system that could be exploited to collect
information about authors of electronic documents without their
knowledge through a unique identification number.”

