One of my major trophy achievements is attributed to the discovery of the Microsoft Passport Flaw / Vulnerability (2003). Below are some of the links to its global media coverage and my interviews:
,1000000097,2134466,00.htm
several others…


On the same day of my public release of this flaw/vulnerability (after a few good hours though) – a rather dilapidated Pakistani website claimed the discovery of the flaw and declared credit of the discovery to themselves.
I am not sure if this was just a coincidence (mind you that the flaw was very simple in nature anyway so it is quite possible) or was it a deliberate and slapdash attempt to tap into the potential media coverage of this flaw. Whatever it was, it was unsuccessful and subject to utter ridicule by the professional community – Global media looked into it, considered it and then decided to ignore the false claims and rightfully attributed the credit to whom it was due – i.e., Yours Truly.

With the benefit of hindsight, I would say that the international media considered the facts that (i) my release was comprehensive (i.e., included real technical details, not some generic mumbo-jumbo), (ii) it was made public a lot earlier than the false claim and (iii) most importantly, I did not attempt to puff up the issue – instead I stated in my interview to Associated Press that the nature of the flaw was one of the simplest forms of input validation failures.


1 Response to “Microsoft Passport Flaw”

  1. 1 Khawar Nehal March 20, 2011 at 2:25 pm

    I remember those old good times in the ISPs.

    Crackers vs ISP admins and investors all stuck in a tangled web.

