Hackers hit Hotmail hole

Underground hacker site root-core.com has released a graphical exploit tool for sneaking a glimpse at other users' Hotmail accounts.

The tool apparently exploits a glitch in the service which allows users to guess the message numbers of other people's accounts. Although slow going, the method can be quite effective and the development of a GUI tool, Hobo, has made hacking Hotmail even easier.

When logged into your Hotmail account, the URL displays a message number for the appropriate message you are viewing, and the username. By tinkering with these, it's possible to hit on an existing username and message number combination. This allows you to view, but not modify, other users' messages.

Hobo just simplifies the process of trying to exploit the URLs manually. It will only hit on a correct combination every now and again but, in the meantime, it promises to provide script kiddies and the technically curious with hours of entertainment.

Microsoft is aware of the hole, so it is not expected to remain for very long.

A detailed description of the hack can be found here, and the scanner can be found here.