-Caveat Lector- http://www.msnbc.com/snap/306093.asp Hotmail accounts compromised Web page apparently let visitors see thousands of personal e-mail account without a password MSNBC Aug. 30 � Personal e-mail accounts hosted at Microsoft's Hotmail.com have been compromised, allowing virtually anyone to access a Hotmail account without a password. Thanks to the work of a computer hacker, viewers visiting at least three Web sites, and possibly more, were able to view personal e-mail accounts simply by entering a hotmail user name. Microsoft says it has plugged the security hole, and the Web pages set up with the exploit no longer work. But the exploit itself still worked as of 3:30 p.m. ET. JUST HOW LONG Hotmail e-mails have been compromised was not immediately known. While Microsoft says it fixed the problem and restored Hotmail service at 10 a.m. PT, a reader showed MSNBC that with a slight variation, the vulnerability still worked as of 12:30 PT. The Web sites which made reading Hotmail accounts particularly easy no longer worked, however. One of the mirror sites for the hack was registered to Erik Barkel, of Stockholm, Sweden. In response to an e-mail sent to the site, a writer with the alias "erikb" told MSNBC: "I didn't code the thing. I did host a mirror of it. The mirror is gone. Thank you." That author also said the story was originally broken by a Swedish Web site, Expressen.se. He said the original site for the hack was hosted by a Web site ending in .uz, which indicates it was located in Uzbekistan. The administrator of another mirror site told MSNBC the hack was just one line of computer code � a single URL, really � which could be entered into any Web browser. He said the exploit took advantage of Microsoft's new Passport feature, which allows users to click through MSN sites without having to log on separately at each site. (Microsoft is a partner in MSNBC.) A spokesperson from Microsoft said the company heard about the problem through European press early Monday morning Pacific time. It confirmed the problem, them shut down Hotmail servers until the hole could be closed. "We have determined that it was possible for a malicious hacker with very specific knowledge of advanced Web development languages to gain access to Hotmail services," the spokesperson said. She said the issue was resolved and Hotmail was back online at 1 p.m. Eastern on Monday. The source code for creating a copycat of the Hotmail hack Web site was readily available, and at least one mirror version of it was still up at 3:30 p.m. ET. The hack no longer worked, however. In an obvious sarcastic jab, visitors to the original Hotmail hack site are now being redirected to Microsoft's security bulletin Web site. The Hotmail site appeared to be functioning normally at midday Monday, and there was no mention of the break-in. DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance�not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
