Hotmail users were subjected to a mass spam attack this weekend, at the same time that it was revealed that a security glitch in the service allowed an attacker to hijack a user's Passport.
vnunet.com readers have reported mass mailings from a single address which managed to sneak past Hotmail's automatic junk mail filter. One user reported receiving over 8000 copies of the same 'Microsoft products at knock down prices' email.
Another user managed to paste the sender's address into the filtering system, but not before he was bombarded by over 1200 mails. "By the time I accessed the blocking filters and pasted in the rogue address I found that I had 1200+ emails. All emails came from one address and Hotmail's junk filter did not stop it," he told vnunet.com.
The discovery of a vulnerability in the Passport authentication system has also put user accounts at risk. Details of a cross scripting attack were published on security sites which would allow a malicious user to hijack the session cookie of another user, effectively stealing their identity.
This attack is known as 'cross site scripting' and, although Microsoft has taken steps to filter out this type of attack, simply encoding the malicious script by replacing some letters with their hex equivalent will sneak the code through any filters. For example 68 is the hex value of h so the server would translate &x68;ttp:// into http://.
Once the attacker is in possession of the user's session cookie he can effectively masquerade as the true user and take control of all his accounts which use the Passport service.
A coder going by the name of Obscure, who wrote a white paper on the attack, said Microsoft has been informed of the situation. It is unclear whether the problem has yet been fixed.
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime
The observations were made using the Atacama Array in the Chilean desert