Yet ANOTHER Hotmail / Passport Vulnerability

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • rusty
    insert clever title here
    • Feb 2003
    • 90
    #1

    Yet ANOTHER Hotmail / Passport Vulnerability

    This is old news now, but I haven't seen it discussed yet so I thought I'd share it with anybody who hadn't had a chance to see it. Basically you could reset the password on any hotmail account you wanted to, by simply changing a few strings in a url.

    http://securityfocus.com/archive/75/...5/2003-05-11/0

    --commentary--

    I mean come on, people store all sorts of data in their passport accounts, yet by simply changing a few strings in a URL their data completeley vulnerable. Credit cards, Photos, Addresses, You name it. This is not acceptable from the largest software company in the world.

    BTW:
    This doesn't work anymore. Microsoft disabled resetting hotmail passwords completeley either last night or this morning......... until they figure out who to fire for such blatantly sloppy security & fix it.

    Hushmail accounts are starting to look really nice about now.
    Tags: None
    • KaraHyo
      Unconfirmed Email
      • Feb 2003
      • 50
      #2
      Yeah this doesnt suprise me much at all, I really dislike hotmail...this is just another reason why.;)

        Comment

        • blackwave
          Member
          • Jun 2002
          • 4270
          #3
          Re: Yet ANOTHER Hotmail / Passport Vulnerability

          Originally posted by rusty
          Hushmail accounts are starting to look really nice about now.
          I used to play around with hotmail's temp file they drop and remove during Windows messenger logs into hotmail... fun stuff... they don't bother to lock the file so that is unreadable, so anyone can capture it and read it... nor is it encrypted or obfuscated...

          I haven't heard too much about hushmail ever getting compromised... which is either very good or very scary :) ... surely one of these days it is bound to happen... in fact it would probably be more comforting :D

            Comment

            • astcell
              Human Rights Issuer
              • Oct 2001
              • 7512
              #4
              Was Hotmail this screwed up BEFORE Microsoft bought it?

                Comment

                • blackwave
                  Member
                  • Jun 2002
                  • 4270
                  #5
                  Only Microsoft would think so, even if it wasn't... it's either the Microsoft way or the Milky Way.

                    Comment

                    • encrypt31945
                      Banned
                      • Apr 2003
                      • 266
                      #6
                      It seems that microsoft's products aren't secure as others.
                      Last edited by encrypt31945; May 11, 2003, 12:18.

                        Comment

                        • darC
                          Member
                          • Apr 2003
                          • 6
                          #7
                          Well...if you think about it, nothing Microsoft produces is secure...from their servers to thier games. They all suck.

                            Comment

                            • KaraHyo
                              Unconfirmed Email
                              • Feb 2003
                              • 50
                              #8
                              Originally posted by darC
                              Well...if you think about it, nothing Microsoft produces is secure...from their servers to thier games. They all suck.

                              Yeah well thats because bill gates is a greedy basterd who's mind set is quanity, and quality.

                              U know i heard the other day that he wants to put tv's in bathrooms to advertise microsoft.

                                Comment

                                • ck3k
                                  thoughtcriminal
                                  • Jul 2002
                                  • 1350
                                  #9
                                  Mircosoft is always been crap, I run it only because every cool game runs in it, and i need to troubleshoot it for others. I think hotmail just was another failure due to microsofts greed over quality thinking.
                                  ~:CK:~
                                  I would like to meet a 1 to keep my 0 company.

                                    Comment

                                    • Famine
                                      Banned for Being a Fucktard and Asshat
                                      • May 2003
                                      • 36
                                      #10
                                      Yep it is pretty much crap most of the time. But then again if you fuck with it like any OS it can be greatness. Like my 98 machine here.

                                      But like all OS's out there. There is always holes, bugs, and problems that make you punch a wall (If you're messed up like that).

                                      Using any other OS could and prob would be alot better if you set it up right. But you forget the point of my post. If you set it up right. Love your local Bill Gates.

                                      -Famine, the windows user.

                                        Comment

                                        Previous template Next
                                        Working...