The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
37°F
Current Conditions
Mist
View complete weather report

Color Scheme

Subscribe now

Whiz Kids Discover Bug Students Doing Project Stumble On Software Flaw

Associated Press

Microsoft Corp. has a Worcester Polytechnic Institute engineering student to thank for finding a security flaw in the software giant’s popular Internet Explorer program.

But for student Paul Greene, it’s meant an unexpected lesson about the impact of science on society. Greene uncovered the flaw while working on a class project. Then he posted the information on the Internet.

“I haven’t slept in 48 hours. We have had more than 60,000 hits on our Web page, and I have more than 100 telephone messages stacked up,” the 28-year-old junior from Fall River said in a telephone interview Tuesday with The Associated Press. “The reaction has been incredible. And all I wanted to do was write this little paper.”

The flaw could allow a Web site operator to secretly run programs or destroy files on someone else’s personal computer.

Microsoft’s programmers scrambled to fix the bug in the company’s key Internet product, which is used by millions of people worldwide to access the Web.

It started with an assignment to demonstrate how scientific techniques can be used in marketing.

The students were told to develop a survey assessing the effectiveness of the school’s freshman orientation program.

While trying to share files with three other students, Greene mistakenly created a “shortcut,” a device used to start other programs. “Then I got to wondering what would happen if I tried it,” he said. And suddenly he found he was able to run programs on the other computers.

“I called over my roommates” - computer science majors Brian Morin, 22, of Nashua, N.H., and Geoffrey Elliott, 20, of Brattleboro, Vt. - “and their mouths just dropped open,” Greene said. “At first we thought this is real neat stuff,” he said. “Then the implications set in, and we realized that you could rain absolute terror on someone’s machine.”

Last Thursday, the trio posted an e-mail note on Microsoft’s bulletin board dealing with program bugs. When they didn’t get an immediate response, they messaged some on-line magazines.

By Sunday night, they still hadn’t been able to rouse any interest in their discovery, so they posted their information on a public Internet bulletin board along with some tests developed by Morin and Elliott to demonstrate the flaw.

“We’ve been bombarded ever since,” said Morin, a senior who runs a software-consulting company with three offices as well as being a full-time student.

“We decided to move quickly on this, because it affects us personally,” Morin said.

“It’s my business and I love Microsoft products,” he said. “But it puts so much at risk that it’s scary. We never wanted to be malicious and we tried to be discreet, but we figured the quickest way to get it resolved was to go public. At least if they know about it people can take precautions.”

And finally they heard from Microsoft.

“We got a couple of e-mail messages after we went public,” Morin said. “They were very nice about it. Naturally, they are not happy with the bug, but they thanked us and have promised a fix,” which was posted late Tuesday.