YASHIMP (Yet Another Security Hole In Microsoft's Passport)

Yep, itis that time of the week already. According to an article at Yahoo Finance, Microsoft has discovered and patched yet another security hole in its Passport service. This time, the hole could have allowed malicious users to hijack older Passport accounts. Microsoft believes that no accounts were compromised. From the article:

Microsoft said it learned about the vulnerability after a self-described security consultant published details to an Internet discussion list, a practice that has increasingly frustrated executives who prefer researchers to quietly work with software vendors to resolve such problems before announcing them publicly.

The consultant, who identified himself as Victor Manuel Alvarez Castro of Mexico, wrote that he tried unsuccessfully to contact Microsoft "several times" by e-mail.

You can read the full article at Yahoo! Finance.