A software bug can often lead to a vulnerability that can be exploited with sophisticated exploit code. Or sometimes you can just install a free add-on that lets you do the same thing with no effort.
A few days ago, Whitec0de reported on a newly found vulnerability in Hotmail’s passwords. It enabled a hacker to take complete control of a user’s Hotmail account – not merely accessing the user’s mail, but preventing access for the legitimate account holder. It effectively stole the user’s entire Hotmail email database – and all the confidential and sensitive data it contains.
The methodology leaked out – it wasn’t difficult. “All hell broke loose,” said Whitec0de, “when a member from a very popular hacking forum offered his service that he can hack ‘any’ email accounts within a minute.” The going rate was as low as $20 per account.
Yet again, a great example of why we need more than static passwords. When are we going to learn?????
1 comment:
For "completeness" it may be worth adding a note / link to the update from Microsoft indicating they fixed the password reset vulnerability:
https://twitter.com/#!/msftsecresponse/status/195568235654021121
"On Friday we addressed a reset function incident to help protect Hotmail customers, no action needed"