A software bug can often lead to a vulnerability that can be exploited with sophisticated exploit code. Or sometimes you can just instal a free add-on that lets you do the same thing with no effort.
A few days ago, Whitec0de reported on a newly found vulnerability in Hotmail’s passwords. It enabled a hacker to take complete control of a user’s Hotmail account – not merely accessing the user’s mail, but preventing access for the legitimate account holder. It effectively stole the user’s entire Hotmail email database – and all the confidential and sensitive data it contains.
The methodology leaked out – it wasn’t difficult. “All hell broke loose,” said Whitec0de, “when a member from a very popular hacking forum offered his service that he can hacked ‘any’ email accounts within a minute.” The going rate was as low as $20 per account.
Yet again a great example why we need more than static passwords. When are we going to learn?????
