Microsoft testers get an eyeful

In a brief security lapse, early testers of Microsoft software had access to discussions on all of the company's products, rather than just the programs they were trying out.

Ina Fried Former Staff writer, CNET News

During her years at CNET News, Ina Fried changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley.

See full bio

Ina Fried

Aug. 6, 2003 3:29 p.m. PT

In a brief security lapse, early testers of Microsoft software had access to discussions on all of Microsoft's products, rather than just the programs they were testing.

For about 36 hours this week, registered beta testers could view, but not post, new messages on any of the various discussion groups Microsoft hosts for its products that are in beta testing. In order to gain access to different discussions, testers would have to know or deduce a three-digit code for the product they were interested in.

That meant that someone testing the next version of Office, say, would be able to read about Longhorn, the next version of Windows.

"All they had were viewing rights," Microsoft spokesman Sean Sundwall said.

The security breakdown occurred as Microsoft was testing a new version of the internal program it uses to manage its discussion groups, Sundwall said. Sundwall said the company inadvertently gave full discussion group permission to its thousands of beta testers when the new software was installed.

The problem has been fixed and testers once again have access only to discussions on products they are testing, Sundwall said.