Be on the wave or under it™
The News – 08/21/01
May I See Your Passport, Please?
Regular readers know I am not a fan of Microsoft’s monopoly tactics, although I am a fan of some of their software, and certainly appreciative of their leadership in creating the desktop revolution. But even dyed-in-the-wool Microsofties should be concerned about Microsoft’s Passport service and the company’s plans to make it ubiquitous.
The idea behind Passport is simple. It’s the idea behind a lot of Microsoft’s software, and it’s at the root of most of Microsoft’s security problems: Convenience. If you’re like me, you’ve created accounts at all sorts of Web sites. There are email accounts, discussion groups, white paper download registrations, eCommerce accounts – you name it. If you’re like most people, you have a problem remembering passwords. In fact, you may use names of family members or pets as your passwords (which is a really bad idea). Chances are, very few of your passwords are secure, meaning a cracker could guess them or use software to discover them quite easily. You may even use the same password for all your accounts (also a really bad idea; for more information on creating secure passwords, check this out).
Microsoft, to their credit, have offered to solve this problem with Passport. But there are some very disturbing aspects to the service. Basically, when you create a Passport account, which you must do, for example, to use MSN Messenger, HotMail, or Microsoft Support, you store lots of personal information on Microsoft’s servers. Already I have a problem with this. We trust all kinds of companies with intimate details of our lives and selves. MasterCard knows a lot about my purchasing habits. ATT knows a lot about my calling habits. Northwest Airlines knows a lot about my traveling habits. Having this sort of information in the hands of commercial interests is a necessary evil. Where the problem comes in is when this information is combined. For example, suppose thieves could access my electric bill, my Northwest account, and my MasterCard account. They could tell when I’m on vacation and come and steal the new TV I just bought. (Notice to thieves: This is a hypothetical scenario; I’m waiting for the HDTVs to come down in price before buying another.)
Using Passport, Microsoft becomes aware of a lot of your personal information as well as a lot of your behavior. The way the service works is, when you visit a site that uses Passport, Microsoft forwards your credentials to that site, and obviously knows what site it is. So if I have a yen for Japanese porno sites, Microsoft knows. If I purchase Viagra online, Microsoft knows. In fact, anything I do online, Microsoft knows. It’s a marketer’s dream, and a law enforcement dream. That’s problem number 1.
Another problem involves the way Passport actually works. There are two main areas of concern:
· First, Passport is being built in to Windows XP, Microsoft’s next operating system. Thus XP users will use the same password to log in to their system each morning as they use with the Passport system. Since people rarely use secure passwords on their personal systems, this is a problem. Also, if crackers compromise the Passport password, which is bad, they also have access to your computer, which is worse.
· Second, and more important, when you visit a Web site that uses Passport, a cookie containing your credential is placed on your hard drive. A cookie is a plain text file that contains information regarding a Web transaction. Cookies are normally used for things like identifying you by name when you return to a site, or saving the status of a transaction so it can be recovered if the connection is broken. By placing the credential in an insecure, easily readable file on your computer, you are left wide open to identity theft. It is quite easy to steal a cookie, and thus quite easy to masquerade as another user.
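The cookie risk in the second point can be checked from the defender's side. The following is an added example, not part of the original newsletter and not Passport's own code: it audits Set-Cookie headers and flags credential cookies that are written to disk or exposed in transit. The cookie names and header values are constructed, and the Secure and HttpOnly attributes are standard cookie attributes that the newsletter itself does not mention.

```python
# Added example: flag credential cookies that are persisted or poorly protected.
# All header values below are constructed samples, not captured Passport traffic.

CREDENTIAL_COOKIES = {"auth_ticket"}  # hypothetical name of the credential cookie

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr keys lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_persistent(attrs):
    """True if the browser would store the cookie on disk past the session."""
    max_age = attrs.get("max-age")
    if max_age is not None:
        # Max-Age <= 0 deletes the cookie; a non-numeric value is ignored here.
        return max_age.lstrip("-").isdigit() and int(max_age) > 0
    # Any Expires attribute is treated as persistent; the date is not evaluated.
    return "expires" in attrs

def audit_cookie(header, credential_names=CREDENTIAL_COOKIES):
    """Return findings for a credential-bearing cookie, or [] if none apply."""
    name, _value, attrs = parse_set_cookie(header)
    if name not in credential_names:
        return []
    findings = []
    if is_persistent(attrs):
        findings.append("persistent: stored on disk beyond the browser session")
    if "secure" not in attrs:
        findings.append("no Secure: sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by page scripts")
    return findings

SAMPLE_HEADERS = [
    "auth_ticket=3f9a; Expires=Wed, 21 Aug 2002 00:00:00 GMT; Path=/",
    "auth_ticket=3f9a; Path=/; Secure; HttpOnly",
    "greeting_name=Mike; Max-Age=31536000",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", audit_cookie(header) or "ok")
```

Only the first sample is flagged; the session-only cookie with both attributes and the non-credential greeting cookie pass.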
Finally, Microsoft has a children’s service called Kids’ Passport which many privacy advocates feel collects more information than necessary from this vulnerable group.
The issue is complex, and I encourage you to read the C|Net article linked below and view the video from the article to get up to speed on some of the issues. Businesses especially need to be aware of the possible impact of a Microsoft hegemony on authentication. If their scheme plays out, you may be forced to use them for all Web site authentication simply because they’ve established yet another monopoly. Given Microsoft’s dismal security record, that could be a problem.
C|Net
Briefly Noted
- Shameless Self-Promotion Dept.: My speech at the Minnesota Entrepreneurs Club pre-meeting workshop on Tuesday, “Will You Have to Have It? What You Need to Know About Future Tech and Your Business,” is now available.
Also, my white paper, Taking Control of the B2B Exchange: What's Next in the Supply Chain Evolution, is now available on Manyworlds and is rated four stars. I am honored to share the page with eCommerce expert Mohanbir Sawhney.
- Planet of the Apps: There’s a tremendously funny video you’ll never see on World’s Funniest Videos but which has caused a bit of a stir in software circles. It seems Steve Ballmer, excitable head of the World’s Funniest Monopoly, Microsoft, got a little pumped up at the beginning of his keynote at a recent internal conference. Many wry commentators have suggested his antics confirmed the origin of the human species with the apes. You be the judge.
Jump Jive and Wail (You’ll need a media player that can handle MPEG files like, say, Apple’s QuickTime)
- Let Be Be Finale of Seem: You probably never heard of Be, but they created BEOS, a wonderful operating system, and were run by Jean-Louis Gassée of Apple fame. I’m not really sure what Palm’s got in mind here, but the acquisition, for $11 million in stock, sparked this wonderful quote from US Bancorp Piper Jaffray analyst William Crawford: “Where they have to go, Be already is.” Is you is or is you ain't my OS?
C|Net
- Jargon Watch: This is a bit old, but I’ve just run across a new “C-level” title that made me laugh. Back in April, troubled Internet Service Provider (ISP) PSINet, in an effort to show exactly how serious they were about returning to profitability and surviving NASDAQ delisting, appointed Lawrence Hyatt, their chief financial officer, to the newly created position of Chief Restructuring Officer (CRO). Must not have worked. PSINet filed for Chapter 11 protection in early June, and then promptly contributed to a major Internet outage when ISP Cable & Wireless intentionally stopped peering with it. (Peering is the practice of swapping traffic and is part of what makes the Internet work.) When C&W quit peering, every PSINet customer could no longer see sites on C&W networks, and vice versa. Since smaller ISPs buy connectivity from larger ones like C&W and PSINet, this affected whole sections of the country. Nice restructuring, guys! Hyatt has returned to his old title, CFO.
C|Net
- Nothing To Disclaim At This Time: The UK site, The Register, which is a bit of a gadfly on the rump of information technology, ran a contest back in May to find the most outrageous disclaimers. You know disclaimers: that bunch of rubbish at the end of a report or a post or an email that intends to absolve the writer of everything short of being born. I particularly like the winner of the Longest Disclaimer competition, which was won easily by investment house UBS Warburg. This 1,081-word nauseous gasser ends with a declaration that truly reflects the uncertainty and even the futility of life: “E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission.” So if we gave you a virus, tough bounce. I think I’ve lost the will to go on.
The Register
- Things That Make You Go Hmmmm Dept.: In April, Sony released a version of Linux for its PlayStation 2 console. What can they be thinking? PS2 already plays DVDs. Hmmmm. Could it be the uber-consumer-device a-borning? Thanks to Alert SNS Reader Todd Mortenson for the pointer.
DI Wire
Can’t Get Enough of ME?
In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right click on a Web page and append your pithy thoughts to your Weblog.
I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.