francis on Mon, 30 Aug 1999 20:47:20 +0200



Syndicate: hotmail hack (2)


Hi, this is a short summary of the Hotmail hack.



9.23 am EDT the message is posted at www.slashdot.org, the origin is
unclear.

14.43 CET I learned of it through a German-speaking mailing list. On
http://www.2038.com/hotmail/ you could enter any username into a form
and get access to anybody's Hotmail data without a password. All
functions were enabled. It was not possible (for the public) to change the
password without knowing the old password.

16.00 CET the URL www.2038.com/hotmail/ contains the message "microsoft
rules", the form doesn't work anymore. http://www.2038.com is located in
Sweden.

By typing
http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=ENTERLOGINHERE&passwd=eh%20replace%20ENTERLOGINHERE
into the browser's location field you could still use the bug to see
inside the mailboxes. Instead of ENTERLOGINHERE you had to type the
username.

18.00 CET Hotmail is down

18.30 CET www.2038.com/hotmail/ points to
http://www.microsoft.com/security/default.asp

18.50 CET Hotmail is online again, the CGI that allowed the break-in is
deactivated


Hotmail has 40 million subscribers. It is running on Net-BSD, because
the staff wasn't able to port the system to Win NT after Micro$oft
bought Hotmail. There are rumours that say the hack was possible
through a hack of Microsoft's Passport system (http://www.passport.com)
that should be implemented into Hotmail.
It is not possible to delete a Hotmail account yourself. It will be
deleted automatically after 90 days of not using/accessing it.

CNN says that the Swedish newspaper Expressen (http://expressen.se)
first published the story http://expressen.se/article.asp?id=22383
today. Expressen says that they got the information anonymously.


The question now is: what will the PR strategies of Microsoft/Hotmail
be, and will there be a reaction on the stock markets?


francis
------Syndicate mailinglist--------------------
 Syndicate network for media culture and media art
 information and archive: http://www.v2.nl/syndicate
 to unsubscribe, write to <syndicate-request@aec.at>
 in the body of the msg: unsubscribe your@email.adress