Microsoft testers get an eyeful

By Ina Fried 
Staff Writer, CNET
August 6, 2003

In a brief security lapse, early testers of Microsoft software had
access to discussions on all of Microsoft's products, rather than just
the programs they were testing.

For about 36 hours this week, registered beta testers could view, but
not post, new messages on any of the various discussion groups
Microsoft hosts for its products that are in beta testing. In order to
gain access to different discussions, testers would have to know or
deduce a three-digit code for the product they were interested in.

That meant that someone testing the next version of Office, say, would
be able to read about Longhorn, the next version of Windows.

"All they had were viewing rights," Microsoft spokesman Sean Sundwall

The security breakdown occurred as Microsoft was testing a new version
of the internal program it uses to manage its discussion groups,
Sundwall said. Sundwall said the company inadvertently gave full
discussion group permission to its thousands of beta testers when the
new software was installed.

The problem has been fixed and testers once again have access only to
discussions on products they are testing, Sundwall said.

main page ATTRITION feedback