bad enough that we can browse the contents of their server. They shouldn't be vulnerable to this," said Ryan Russell, technical editor of SecurityFocus.com, a computer security Web site. "If they had anything interesting on the server, he could have gotten into it."
The damage to customer confidence may outweigh the actual security damage to Microsoft.
Dimitri "didn't have to be a rocket scientist" to get into Microsoft's server using a known security bug, and theoretically he had the opportunity to do damage once achieving access, said Paul Zimski, a security researcher at Internet security firm Finjan.
Joris Evers and George A. Chidi Jr. write for the IDG News Service.
