Announcement

Collapse
No announcement yet.

Yet ANOTHER Hotmail / Passport Vulnerability

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Yet ANOTHER Hotmail / Passport Vulnerability

    This is old news now, but I haven't seen it discussed yet so I thought I'd share it with anybody who hadn't had a chance to see it. Basically you could reset the password on any hotmail account you wanted to, by simply changing a few strings in a url.

    http://securityfocus.com/archive/75/...5/2003-05-11/0

    --commentary--

    I mean come on, people store all sorts of data in their passport accounts, yet by simply changing a few strings in a URL their data completeley vulnerable. Credit cards, Photos, Addresses, You name it. This is not acceptable from the largest software company in the world.

    BTW:
    This doesn't work anymore. Microsoft disabled resetting hotmail passwords completeley either last night or this morning......... until they figure out who to fire for such blatantly sloppy security & fix it.

    Hushmail accounts are starting to look really nice about now.

  • #2
    Yeah this doesnt suprise me much at all, I really dislike hotmail...this is just another reason why.;)

    Comment


    • #3
      Re: Yet ANOTHER Hotmail / Passport Vulnerability

      Originally posted by rusty
      Hushmail accounts are starting to look really nice about now.
      I used to play around with hotmail's temp file they drop and remove during Windows messenger logs into hotmail... fun stuff... they don't bother to lock the file so that is unreadable, so anyone can capture it and read it... nor is it encrypted or obfuscated...

      I haven't heard too much about hushmail ever getting compromised... which is either very good or very scary :) ... surely one of these days it is bound to happen... in fact it would probably be more comforting :D

      Comment


      • #4
        Was Hotmail this screwed up BEFORE Microsoft bought it?

        Comment


        • #5
          Only Microsoft would think so, even if it wasn't... it's either the Microsoft way or the Milky Way.

          Comment


          • #6
            It seems that microsoft's products aren't secure as others.
            Last edited by encrypt31945; May 11, 2003, 13:18.

            Comment


            • #7
              Well...if you think about it, nothing Microsoft produces is secure...from their servers to thier games. They all suck.

              Comment


              • #8
                Originally posted by darC
                Well...if you think about it, nothing Microsoft produces is secure...from their servers to thier games. They all suck.

                Yeah well thats because bill gates is a greedy basterd who's mind set is quanity, and quality.

                U know i heard the other day that he wants to put tv's in bathrooms to advertise microsoft.

                Comment


                • #9
                  Mircosoft is always been crap, I run it only because every cool game runs in it, and i need to troubleshoot it for others. I think hotmail just was another failure due to microsofts greed over quality thinking.
                  ~:CK:~
                  I would like to meet a 1 to keep my 0 company.

                  Comment


                  • #10
                    Yep it is pretty much crap most of the time. But then again if you fuck with it like any OS it can be greatness. Like my 98 machine here.

                    But like all OS's out there. There is always holes, bugs, and problems that make you punch a wall (If you're messed up like that).

                    Using any other OS could and prob would be alot better if you set it up right. But you forget the point of my post. If you set it up right. Love your local Bill Gates.

                    -Famine, the windows user.

                    Comment

                    Working...
                    X