Microsoft Windows Live ... FREE ... !

Microsoft Windows Live Toolbar

2008-07-31T23:18:00.000+07:00

With Windows Live..., you will get software and services
that make what you can do on your PC and the Web
just that much more amazing.
Think of it as the power of Windows combined
with the limitless possibility of the Internet.
It's all about new ways to connect and share
and how to be safer when you're doing it.
Now, let's go. Find out what's new.

Microsoft Windows Live

2008-07-31T23:14:00.000+07:00

Product overview
Most of the web sites and applications that use Windows Live ID are Microsoft sites, services, and properties such as Hotmail, MSNBC, MSN, Xbox 360's Xbox Live, the .NET Messenger Service, Zune or MSN subscriptions, but there are also several other companies affiliated with Microsoft that use it, such as Expedia and Hoyts. Users of Hotmail or MSN automatically have a Windows Live ID that corresponds to their accounts. Most recently user log in data has started to allow demographic targeting by advertisers using Microsoft adCenter.[citation needed]
Microsoft's Windows XP has an option to link a Windows user account with a Windows Live ID (appearing with its former names), logging users into Windows Live ID whenever they log into Windows.
Windows Live ID's relationship to Windows CardSpace, a component of Windows Vista, is unknown at this time.
On August 15, 2007, Microsoft released Windows Live ID Web Authentication, opening Windows Live ID to web site developers.

Technical overview
A new user entering a commerce server will first be redirected to the nearest authentication server, which asks for username and password over an SSL-secured connection, unless the user can present a valid GLOBALAUTH-cookie. In return, a newly accepted user (a) has an encrypted time-limited GLOBALAUTH-cookie stored on his computer and (b) receives a triple DES encrypted ID-tag that previously has been agreed upon, between the authentication and the commerce server. This ID-tag is then sent to the commerce server, upon which the commerce server plants an encrypted LOCALAUTH-cookie in the user’s computer, also time-limited. The presenting of these LOCAL and GLOBAL cookies to various commerce and authentication servers prevents the need for authentication within the time of validity, as in the Kerberos protocol.
If the user actively logs out of Windows Live ID, these cookies will be removed; however, users are often confused by other commerce server logout functions, and unintentionally leave these cookies intact.[citation needed] The service depends on users allowing their browsers to ship cookies to servers other than the one they originated from.

Criticism
Windows Live ID is used by many services to prove ownership of a user's e-mail address. On June 17, 2007, Erik Duindam, a web developer in the Netherlands reported a privacy and identity risk, calling it a "critical error was made by Microsoft programmers that allows everyone to create an ID for virtually any e-mail address." [1] A procedure was found to allow users to register invalid or currently used e-mail addresses. Upon registration with a valid e-mail address, an e-mail verification link is sent to the user. Before using it however, the user was allowed to change the e-mail address to one that doesn't exist, or to an e-mail address currently used by someone else. The verification link then caused the Windows Live ID system to confirm the account as having a verified email address. That flaw was fixed two days later, on June 19, 2007 [2].

History
Microsoft Passport, the predecessor to Windows Live ID, was originally positioned as a single sign-on service for all web commerce. Microsoft Passport had received much criticism. A prominent critic was Kim Cameron, the author of the Laws of Identity, who questioned Microsoft Passport in its violations of those laws. He has since become Microsoft's Chief Identity Architect and helped address those violations in the design of the Windows Live ID identity meta-system. As a consequence, Windows Live ID is not positioned as the single sign-on service for all web commerce, but as one choice of many among identity systems.
In 2001, the Electronic Frontier Foundation's staff attorney Deborah Pierce criticized Microsoft Passport as a potential threat to privacy after it was revealed that Microsoft would have full access to and usage of customer information.[3] The privacy terms were quickly updated by Microsoft to allay customers' fears.
In 2003, Faisal Danka [4], an IT Security expert in Pakistan, revealed a serious flaw in Microsoft Passport, through which any account linked to Microsoft Passport or Hotmail could easily be cracked by using any common browser. [5]
Microsoft had pushed for non-Microsoft entities to create a internet wide unified-login system.[citation needed] Examples of sites that used Microsoft Passport were eBay and Monster.com, but in 2004 those agreements were cancelled[6].

References
^ http://www.erikduindam.com/windowslive.pdf "Windows Live ID security breached" on erikduindam.com
^ http://pcworld.about.com/od/instantmessaging1/Microsoft-Windows-Live-Flaw-Op.htm
^ Privacy terms revised for Microsoft Passport
^ Faisal Danka
^ CNN.com - Microsoft: flaw left millions at risk - May. 9, 2003
^ Microsoft Passport Dumped By Ebay

See also
Liberty Alliance
OASIS (organization)
Xbox Live
OpenID, Yadis, Light-Weight Identity - URL-based identity protocols
Windows CardSpace
Windows Live

From Wikipedia, the free encyclopedia

Rudy H - Online Zuperstore

Windows Live ID

2008-03-16T20:46:00.000+07:00

A great, free upgrade for your Windows experience.

2008-03-05T10:37:00.000+07:00