Researcher refutes Microsoft's account of hijacked Hotmail passwords: http://www.networkworld.com/news/2009/100709-researcher-refutes-microsofts-account-of.html
"Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses. Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services. That cache contained about 5,000 Windows Live ID username/password combinations, said Landesman, who found the trove while researching a new piece of malware. "From the organization [of that cache] and what the data looked like in raw form, I think it's more likely that this latest was the result of keylogging or data theft, not phishing," Landesman said." --clip-- It would be interesting to see the Sent dates of the spam emails related to this issue. Microsoft says they locked these accounts, but when?? Juha-Matti Juha-Matti Laurio [[email protected]] kirjoitti: > "Scammers have grabbed the Hotmail passwords that leaked to the Web and are > using them in a plot involving a fake Chinese electronics seller > to bilk users out of cash and their credit card information, a security > researcher said today. > > "We've seen a 30% to 40% increase in these types of spam messages in the last > several days," said Patrik Runald, senior manager of Websense's security > research team. > "By 'these types of spam,' I mean messages that are advertising great > consumer electronics bargains, such as cameras and computers."" > --clip-- > > More at > http://www.computerworld.com/s/article/9139092/Scammers_exploit_public_lists_of_hijacked_Hotmail_passwords > > But it was just some days ago when Microsoft announced that it has been > locked these account - during the weekend already... > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
