Nokia engineer exposes alleged Windows Store security flaws
Although the number of applications in the Windows Store continues to grow at a good pace, many are still to come, and Microsoft has yet to show that its application store is a great opportunity for developers. Redmond has the task of convincing them of this, but news like this week's may not help. Justin Angel, an engineer working for Nokia, posted on his website a detailed list of instructions for cracking Windows Store applications.
The engineer's objective is to make public a series of errors that affect the sale of applications through the store and purchases within them. In the note published on his website, which is no longer accessible, the engineer demonstrated how to crack several games in different ways, ranging from getting free content to unlocking paid levels or removing the time restrictions of the trial period. He even added some simple ones, like removing the displayed one simply by editing a XAML file.
Although the chosen examples are all games, any other application from the Windows Store may be vulnerable. Justin Angel's goal is to publicly expose these security flaws so that Microsoft fixes them as soon as possible. His intention is that developers can monetize their applications properly, for which they need a secure platform.
The problem lies in working out who is to blame here. The Nokia engineer points to Microsoft directly, going so far as to write that if they don't fix these security gaps it's not because they can't but because they have chosen not to. Microsoft, for its part, points out that these vulnerabilities are common to any application store that has just started and that they can be solved with the appropriate code. They also claim to have taken a variety of extra security measures and provided information in their 'Dev Center' on various techniques that developers can use to protect themselves.
The applications under test apparently saved their data, as well as the requests they made, in a way that was easy to access. Given this, Microsoft reminds developers that they can keep specific parts of their applications on a remote server or encrypt them, so that they can protect critical files as they deem necessary.
If so, it would not seem correct to blame Microsoft for what would be negligence on the part of the application developer in not using the security measures available to them. The problem is that one of the applications that Justin Angel put to the test was none other than 'Minesweeper' from Microsoft itself, from which he managed to eliminate the. Did Microsoft not follow their own recommendations, or is the problem with the Store in general? Who is right?
Via | Slash Gear | Engadget