Nov 15, 2009

Microsoft's Bing hit by costly security loophole

It has spent hundreds of millions of dollars trying to take on Google, but Microsoft's Bing search engine faced embarrassment last week after it emerged that a security loophole could allow users to skim huge sums of money from the system without its knowledge.

The security glitch, which is linked to a "cash back" system operated by Bing, potentially leaves users and retailers exposed to fake transactions. But despite an outcry online over the existance of the loophole, the world's largest software company has responded to the issue by threatening legal action against the man who discovered the problem.

The furore surrounds Bing's 'cash back' system, intended to encourage internet users to opt for its search engine instead of Google. First launched last year, before Microsoft rebranded its search website, the affiliate scheme offers users the chance to earn money back for every product they buy through the service.

According to the site, Microsoft says, "Bing cashback is a great way for you to save money when you shop online... Yot'll earn a percentage of the product price as cashback."

But a technical flaw in the system was discovered by US entrepreneur Samir Meghani, the co-founder of price comparison website Bountii, who found that the way Bing cashback works means that a small piece of computer code could result in huge sums of money being credited to somebody's account.

Flaw

The 'obvious flaw', he suggested, could also be used to block other users from getting their legitimate savings. "I've never bought anything using Bing Cashback, but the balance of my account is $2,080.06," he wrote. "I'm not going to explain exactly how to generate the fake requests so that they actually post, but it's not complicated."

Meghani said that he received a letter from the company's lawyers asking him to take down his post on the subject-or face the consequences.

"Microsoft views the misuse of its programs and resultant injury extremely seriously," the company's lawyers told him in a letter published on the blog. "If necessary, Microsoft is prepared to consider further action to protect its rights."

News of the glitch comes at an awkward moment for Microsoft and Bing, which launched in May under its new name. The software major is desperate to outstrip the dominance of Google, and tap into the lucrative search engine advertising market.

But after the relaunch and a hugely expensive marketing campaign, Bing still handles less than nine per cent of all search traffic in the US, and an even smaller amount of queries worlwide.


By Bobbie Johnson, http://gulfnews.com

No comments:

Post a Comment