A Microsoft employee may have impersonated a private technology consultant in order to smear America Online Inc.
A Microsoft employee sent an e-mail accusing AOL of irresponsible behavior in the battle over instant messaging, said Richard Smith, a security expert who received the message.
Smith told ZDNN that if the allegations against AOL are true, then users' computers could be at risk.
While Smith said Microsoft had told him one of its employees had to have sent the message, the company is now more circumspect. A Microsoft official told ZDNN that the company is still investigating the situation.
"If it did come from within Microsoft, it's clearly from someone who got caught up in the heat of the moment," said Rob Bennett, director of marketing for MSN. "But that doesn't excuse AOL's actions. They are putting the security of millions of users at risk."
Battle of the superpowers
Microsoft and AOL have been at each other's throats since Microsoft released a program last month that allowed MSN users to contact consumers using AOL's popular Instant Messenger service.
AOL has accused Microsoft of improperly accessing its servers. Microsoft replied that AOL was unfairly closing off its technology to developers.
The two have been playing a cat-and-mouse game, with AOL putting up blocks against Microsoft's program, and Microsoft workers developing workarounds to get access.
Smith, president of Phar Lap Software, said Friday that he got an e-mail Wednesday night from someone claiming to be Phil Bucking of Bucking Consulting. The e-mail accused AOL of committing a "heinous and risky action" and putting users at risk in its attempts to block Microsoft.
"I did some Web searches [on Bucking] and it came up blank. That set off some alarm bells," Smith said. He said he was able to trace the e-mail origination back to a Microsoft proxy server.
Smith said he was unhappy at 'being used' by the Microsoft employee, but was concerned about the claims made in the e-mail.
While Smith said he was unhappy at "being used" by the Microsoft employee, he said he was concerned about the claims made in the e-mail.
The e-mail alleges that in its attempts to block Microsoft, AOL sent snippets of code to AIM clients, exploiting a "buffer overrun" to execute the code.
If that's true, Smith said, then "what that means is AOL has a back door into customers' computers where they can run stuff."
"I don't think any [software] should have a back door. They need to come clean. They've got to say yes or no," Smith said.
AOL spokeswoman Tricia Primrose did not directly respond to the allegations.
"From our view, this is a fake issue from a fake consultant. The privacy and security of our members is priority one, two and three for the company," she said. "This is an embarrassing situation for Microsoft and I certainly hope that they follow up as promised and find the individual responsible and take the appropriate action."
Shades of the past
"We had actually found it out. We had no plans to go public with it. But now that it is out there it's amazing for me to see AOL denying that it exists," he said.
"When we get a bug like that, we work very quickly to address it and fix it." However, Microsoft has been criticized for its slowness in responding to bugs.
The current episode is reminiscent of one in the early 1990s, when a "Steve Barkto" went into message boards to post messages discrediting the OS/2 operating system. Barkto claimed to be an unhappy OS/2 user in Oklahoma, but his online account was allegedly paid for by Microsoft employee Rick Segal.
Microsoft's Bennett said that his company had detected the AIM bug earlier in the week.
