All the latest UK technology news, reviews and analysis
|
|
|
09 Jun 2005
Microsoft has blocked a website that could allow Hotmail accounts to be hijacked.
The problem stems from a cross-site scripting flaw in an MSN web page, ilovemessenger.msn.com, that allowed hackers to gather data on Hotmail accounts by building a special web page and getting users to click on the URL.
Microsoft has now shut down the web page and is investigating the problem.
"Our initial investigation suggests that an attacker may have been able to take advantage of this issue to obtain user cookies by enticing a user to click on a malicious URL that would then allow the attacker to access a user's Hotmail account," said the company in a statement.
"Microsoft will restore the 'I Love Messenger' website once the investigation is complete and the issue has been resolved. Users attempting to connect to the website are currently being redirected to www.messenger.msn.com."
Dutch student Alex de Vries, also known as 'Eierkoek', found the problem and shared the information with computer security enthusiasts on 4 June.
"With this exploit you can access other people's mailboxes, view their contacts and much more," he said.
"All that needs to be done is to send this user an email with a link/URL to an internet page you created. When the user clicks on this URL, his inbox is all yours."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Desktop Support Manager 3 month contract - to start...
/ Programme Manager / 45k / Significant benefits / London...
Automation Test Manager Selenium London 75k Automation...
Mitel 3300 Engineer Key skills Mitel 3300...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
woke up this afternoon, with an "Delivery Status Notification (Failure)"
except I didn't write anyone.......... and the message was spam. I sincerely hope the microsoft people, take these guys to court, and settles with them for billions of dollars. git em' microsoft can make alot of money off of this, or at least pay the salaries of their lawyer teams for a couple of years with this. I say, sure fix the flaws. but definitely go after the people that would inflict their virus on us.
Posted by: charles kafka 14 Mar 2007
please help me
by_red@hotmail.com this my old mail adress please give it because nefretonline hack my adress i can speak english but nut verywell ok help me please
Posted by: red 03 Jul 2006
Root Core
How successful is Root Core and how confidential is our E-Mail address? Please inform Kind Regards
Posted by: Alwyn winfield 13 Jun 2006
lost e-mail address
I am a hotmail user but have lost viewing my any of my e-mail,also my e-mail address. has anybody got a soulution to this problem Thank you for your attention
Posted by: Ann Desuze 04 Aug 2005