Wednesday, 2 May 2012

Want someone else’s Hotmail account

A software bug can often lead to a vulnerability that can be exploited with sophisticated exploit code. Or sometimes you can just instal a free add-on that lets you do the same thing with no effort.

A few days ago, Whitec0de reported on a newly found vulnerability in Hotmail’s passwords. It enabled a hacker to take complete control of a user’s Hotmail account – not merely accessing the user’s mail, but preventing access for the legitimate account holder. It effectively stole the user’s entire Hotmail email database – and all the confidential and sensitive data it contains.

The methodology leaked out – it wasn’t difficult. “All hell broke loose,” said Whitec0de, “when a member from a very popular hacking forum offered his service that he can hacked ‘any’ email accounts within a minute.” The going rate was as low as $20 per account.

Yet again a great example why we need more than static passwords. When are we going to learn?????
Copyright 2009 Jason Hart. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan