April 14, 2000 7:49 AM
Microsoft Admits Engineers Placed Security Bug in
Some Software
NEW YORK -(Dow Jones)- Microsoft Corp. acknowledged that its
engineers
included in some of its Internet software a secret password
-- a phrase deriding their
rivals at Netscape as "weenies" -- that could be used to gain
illicit access to hundreds of
thousands of Internet sites world-wide, Friday's Wall Street
Journal reported.
The manager of Microsoft's security-response center, Steve
Lipner, acknowledged
the online-security risk and described such a backdoor
password as "absolutely against
our policy" and a firing offense for the as yet unidentified
employees, the Journal
reported. The company planned to warn customers as soon as
possible with an e-mail
bulletin and an advisory published on its corporate Web site.
Microsoft urged
customers to delete the computer file -- called "dvwssr.dll"
-- containing the
offending code. The file is installed on the company's
Internet-server software with
Frontpage 98 extensions, the Journal reported.
While there are no reports that the alleged security flaw has
been exploited, the affected software is
believed to be used by many Web sites. By using the so-called
back door, a hacker may be able to gain
access to key Web-site management files, which could in turn
provide a road map to such things as
customer credit-card numbers, said security experts who
discovered the password. Two security experts
discovered the rogue computer code -- part of which was the
denigrating comment "Netscape engineers
are weenies!" -- buried within the three-year-old piece of
software. It was apparently written by a
Microsoft employee near the peak of the hard-fought wars
between Netscape Communications Corp.
and Microsoft over their versions of Internet-browser
software. Netscape later was acquired by America
Online Inc.
Copyright (c) 2000 Dow Jones & Company, Inc.
All Rights Reserved.
