francis on Tue, 31 Aug 1999 01:24:14 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> hotmail-hack |
Hi this is a short summary of Hotmail Hack 9.23 am EDT the message is posted at www.slashdot.org, the origin is unclear. 14.43 CET I became knowlegde of it by a german-speaking mailinglist. On http://www.2038.com/hotmail/ You could enter any username into a form and get accsses to anybodies hotmail data without password. All functions were abled. It was not possible (to the public) to change the password without knowing the old password. 16.00 CET the url www.2038.com/hotmail/ contains the message "microsoft rules", the form doens't work anymore. http://www.2038.com is located in Sweden By typing http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=ENTERLOGINHERE&passwd=eh%20replace%20ENTERLOGINHERE into the browsers location-field You could still use the bug to see inside the mailboxes. Instead of ENTERLOGINHERE You had to type the username. 18.00 CET Uhr Hotmail ist down 18.30 CET www.2038.com/hotmail/ points to http://www.microsoft.com/security/default.asp 18.50 CET Hotmail is online again, the cgi that allowed to break in, is deactivated Hotmail has 40 million subscribers, it is running on Net-BSD, because the stuff wasn't able to port the system to Win NT, after Micro$oft bought Hotmail. There are rumours that say, the hack was possible through a hack of Microsofts Passport-System (http://www.passport.com) that should be implemented into Hotmail. It is not possible to delete a hotmail-account yourself. It will be deleted automaticly after 90 days of not using/ accesing it. CNN says that the Swedish Newspaper Expressen (http://expressen.se) has first published the Story http://expressen.se/article.asp?id=22383 today. Expressen says that they got the information anonymous. The now appearing question is, how will be the PR-strategies of Microsoft/Hotmail and will there be a reaction on stockmarkets? francis # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: [email protected]