Summary: Microsoft's plan to "bribe" users of its search engine are flawed and are actually costing more than they save; New risks for Internet Explorer users

LAST WEEK we wrote about a Cashback flaw that led Microsoft to intimidating and harassing a blogger rather than fixing the problem [1, 2]. Mike Masnick writes about this leading to the revelation of only more problems.

I'd been meaning to write this up for about a week, but finally got it around to it, just in time to add some additional info. First up, though, comes the news that Microsoft's legal department demanded a blogger remove a blog post about flaws in Bing's Cashback offer (Microsoft's attempt to bribe users to search via Bing instead of Google). One of the methods for the cashback offer involved pixel tracking, and blogger Samir Meghani noted that this was easily gamed to post fake transactions to your account. He also noted problems with the way Microsoft used sequential IDs, allowing potential scammers to "deny cashback rebates to legitimate users by using up available order ID numbers." Instead of dealing with these flaws, Microsoft lawyers sent a cease-and-desist and forced the blog post offline. I'm actually quite surprised this hasn't received a lot more attention.

According to this new report, Bing cashback can actually be negative, i.e. only giving an illusion of savings.

So, if I go directly to butterflyphoto.com, I pay $699 with 0% cashback. If I use Bing Cashback, I pay $758 with 2% cashback, or $742.84. Using Bing cashback has actually cost me $43.84, giving an effective cashback rate of -6.27%. Yes, negative cashback! Is this legal? False advertising? I don’t know, but it’s pretty sketchy.

The problem doesn’t end there. Using Bing has tainted my web browser. Butterfly Photo set a three month cookie on my computer to indicate that I came from Bing. Any product I look at for the next three months may show a different price than I’d get by going there directly. Just clicking a Bing link means three months of potentially negative cashback, without me ever realizing it. I’m actually afraid to use their service even just to write this, because it may cost me money in the future. If you’ve been thinking about trying out Bing Cashback, you may want to rethink that.

To be fair to Microsoft, they aren’t offering negative cashback on every item at every store, but I know of more than a few instances. Let’s see if/when they decide to remove this “feature.”

So, it turns out that there is this other flaw in Cashback, albeit of a different kind. And a few days ago we wrote about an Internet Explorer 6/7 zero-day flaw which Microsoft finally confirms.

Microsoft has published Security Advisory (977981), confirming reports of a "zero day" vulnerability in Internet Explorer 6 SP1 and IE7. If you were thinking of upgrading to IE8, this would be a good time to do it. Microsoft says there have been no known attempts to exploit the security hole, but this could change at any time.

Another major bug in Internet Explorer is said to have just leaked private details from 50 million PDF files.

A bug in Microsoft's Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said.

As another last item, Cameron Neylon is quoted as follows: "would you...contribute to a survey on tech uptake...survey only available to those using Windows and IE"

Glyn Moody asks: "possible bias?"

Well, of course. Many surveys are just like that. By selecting the population that they reach they can impact ("cook") the outcome. Microsoft does this a lot to discredit competition. ⬆