New flaw discovered in MS Hotmail
Published: 10 May 2000 16:52 BST
Bennett Haselton, Webmaster for Peacefire.org, said the flaw involves sending a user an email with an HTML attachment. When the user clicks on the attachment, the file sends a copy of the user's cookie to the hacker.
Once that cookie is received, the hacker can insert it manually into the Netscape cookies.txt file and use that authentication key to log in to Hotmail as the user.
Microsoft, which owns the Hotmail service, could not immediately be reached for comment.
Since the cookie does not contain the user's password, the hacker can only access the account when the user is logged on and as long as the authentication code is valid. But Haselton said that five minutes would be long enough for a hacker with a prepared script to download all of a user's email messages.
The trick uses JavaScript to send the cookie. Hotmail filters JavaScript in regular email messages but doesn't filter JavaScript in HTML attachments.
"It's not a trivial bug that has to do with formatting; it's the essential nature of the software," Haselton said. "Hotmail is what all the big hunters set their sights on. ... Most of the free email services can be broken into, and you find a new way to do it every three weeks or so. But it's really scary that hobbyists are the ones who are doing this."
Haselton has discovered several bugs in the past, including a security flaw in the Eudora email program, and a Netscape exploit that allowed Webmasters to view users' bookmarks.