[9261] in bugtraq
Re: Microsoft Hotmail
daemon@ATHENA.MIT.EDU (Christopher Seawood)
Wed Jan 27 15:45:48 1999
Date: Tue, 26 Jan 1999 15:08:16 -0800
Reply-To: Christopher Seawood <cls@SEAWOOD.ORG>
From: Christopher Seawood <cls@SEAWOOD.ORG>
X-To: "Daniel P. Stasinski" <dannys@KAREMOR.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <36ADFD04.1FD6375D@karemor.com>
On Tue, 26 Jan 1999, Daniel P. Stasinski wrote:
> I contacted Microsoft/Hotmail asking them to close the account
> of that was listed in the backdoored tcp wrapper source code.
> I also forwarded the offending code.
>
> The word back from them is that they will not close it. Theft
> of passwords and hacking does not violate thier terms of
> service.
It doesn't? I don't have a hotmail account but I ran across the following:
http://www.hotmail.com/cgi-bin/dasp/fm_shell.asp?head=Policy+and+Member+Conduct&content=nospam&back=svcs&from=svcs
"The following is extracted from the Hotmail Terms of Service Agreement to
which each Hotmail member must adhere. "
"Member agrees: ... (2) not to use the Service for illegal purposes"
"Attempts to gain unauthorized access to other computer systems are
prohibited."
It sounds like cracking (not hacking) is definitely a violation of their
service agreement. The real question is whether the receipt of the
passwords is the same as the (illegal) use of the passwords. A lot of
admins will want to say yes (because of the security compromise) but I
doubt the law sees it the same way. (Wasn't there a case recently in
Norway that covered this?)
- cls
