[117905] in Cypherpunks
New Hotmail hole
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Tue Sep 14 19:10:39 1999
Mime-Version: 1.0
Message-Id: <v042101c1b40480992ecc@[204.167.108.57]>
Date: Tue, 14 Sep 1999 18:46:09 -0400
To: cypherpunks@cyberpass.net, cryptography@c2.net
From: Robert Hettinga <rah@shipwright.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: Robert Hettinga <rah@shipwright.com>
--- begin forwarded text
Resent-Date: Tue, 14 Sep 1999 11:57:39 -0600 (MDT)
From: gkm@substance.abuse.blackdown.org (glen mccready)
To: 0xdeadbeef@substance.abuse.blackdown.org
Subject: New Hotmail hole
Date: Tue, 14 Sep 1999 13:56:13 -0400
Sender: gkm@HSE-Toronto-ppp68682.sympatico.ca
Resent-From: 0xdeadbeef@substance.abuse.blackdown.org
Resent-Sender: 0xdeadbeef-request@substance.abuse.blackdown.org
Resent-Bcc:
Forwarded-by: Jamie McCarthy <jamie@mccarthy.org>
A new security hole in Hotmail has been discovered.

http://dailynews.yahoo.com/h/zd/19990913/tc/19990913248.html

Is this a purely theoretical hole or one that can only be used by
crackers to attack users? The answer, unfortunately, is the
latter: correctly written Javascript programs can, at the least,
raid users' inboxes.

Microsoft is not claiming ownership of this latest problem. "This
is not a Hotmail security issue. We see it as an example of people
encouraging users to run malicious code on the Web," a Microsoft
spokesperson said.

"To protect yourself now, you can disable Javascript, just disable
it before using Hotmail, or do not open mail from unknown people
when you think it might contain Javascript," the spokesperson
added.
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'