MORE.....Friday August 13 8:36 PM ET
Fake Microsoft Mail Raises Question About AOL
By Martin Wolk
SEATTLE (Reuters) - The bitter battle over instant messaging erupted again Friday after the disclosure
that a Microsoft Corp. (Nasdaq:MSFT - news) employee apparently used a false identity in an effort to
smear archrival America Online Inc. (NYSE:AOL - news)
A Microsoft executive said the smear attempt was not authorized but raised a serious issue about America Online's latest
efforts to jam its rival's messaging software.
Engineers from the two industry giants have been waging war since Microsoft posted its free messaging software July 22 with
the promise that users could communicate with the more than 40 million users of AOL's market-dominating message system.
America Online called that an intrusion and blocked the Microsoft product, but Microsoft has published at least 12 revisions of
its products trying to get around the roadblocks.
The latest development came to light after Richard Smith, president of Phar Lap Software Inc. in Cambridge, Mass., got an
electronic mail message from a ''Phil Bucking,'' who purported to be a consultant developing instant messaging software and
raised ''alarm bells'' about America Online's tactics.
Smith tried to find out more about his correspondent and discovered the mail message had originated within Microsoft Corp.'s
network.
''So in about 30 seconds I realized what the game was,'' Smith said.
Rob Bennett, director of marketing for Microsoft's online properties, acknowledged that the message likely came from
somebody at the Redmond-based software giant.
''We're trying to track it down,'' he said. ''If it did come from within our network it was most definitely the act of an individual
and not someone representative of the company at all.''
But Bennett said Microsoft engineers had confirmed the claims made in the pseudonymous e-mail -- that America Online was
exploiting a security flaw in its own software, known as a ''buffer overflow'' error, to disconnect users of Microsoft's rival MSN
Messenger product.
Smith, a security expert who has uncovered flaws in Microsoft products, said it appeared AOL was exploiting the flaw to send
snippets of software code into the computers of customers who use its messaging software. The code is executed on the client
computer without the user's knowledge, and a response is sent back to America Online, Smith said.
Smith said one coding mistake by AOL could crash ''hundreds of thousands'' of computers.
''They're putting their customers at risk,'' he said. ''I don't think they should do this at all.''
AOL spokeswoman Tricia Primrose declined to say whether there was such a flaw in the company's software, which could
allow hackers to gain access to data on individual PCs.
''We're not going to get into the specific blocking tactics we are using,'' she said. ''There is absolutely nothing we have done,
are doing or will ever do with the (messaging) client or service that puts the privacy and security of our members at risk.''
She said the bigger issue was Microsoft's use of a fake e-mail. ''We think this is appalling behavior,'' she said.
|
