francis on Tue, 31 Aug 1999 01:24:14 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> hotmail-hack


Hi this is a short summary of Hotmail Hack

9.23 am EDT the message is posted at www.slashdot.org, the origin is
unclear. 

14.43 CET I became knowlegde of it by a german-speaking mailinglist. On
http://www.2038.com/hotmail/ You could enter any username into a form and
get accsses to anybodies hotmail data without password. All functions were
abled. It was not possible (to the public) to change the password without
knowing the old password.

16.00 CET the url www.2038.com/hotmail/ contains the message "microsoft
rules", the form doens't work anymore. http://www.2038.com is located in
Sweden

By typing
http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=ENTERLOGINHERE&passwd=eh%20replace%20ENTERLOGINHERE
into the browsers location-field You could still use the bug to see inside
the mailboxes. Instead of ENTERLOGINHERE You had to type the username. 

18.00 CET Uhr Hotmail ist down

18.30 CET www.2038.com/hotmail/ points to
http://www.microsoft.com/security/default.asp

18.50 CET Hotmail is online again, the cgi that allowed to break in, is
deactivated

Hotmail has 40 million subscribers, it is running on Net-BSD, because the
stuff wasn't able to port the system to Win NT, after Micro$oft bought
Hotmail. There are rumours that say, the hack was possible through a hack
of Microsofts Passport-System (http://www.passport.com)  that should be
implemented into Hotmail. 

It is not possible to delete a hotmail-account yourself. It will be
deleted automaticly after 90 days of not using/ accesing it. 

CNN says that the Swedish Newspaper Expressen (http://expressen.se) has
first published the Story http://expressen.se/article.asp?id=22383 today.
Expressen says that they got the information anonymous. 

The now appearing question is, how will be the PR-strategies of
Microsoft/Hotmail and will there be a reaction on stockmarkets? 


francis


#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [email protected] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [email protected]