
Once again: hotmail-hack



>Hi this is a short summary of Hotmail Hack
>
>9.23 am EDT the message is posted at www.slashdot.org, the origin is
>unclear. 
>
>14.43 CET I became aware of it through a German-speaking mailing list. On
>http://www.2038.com/hotmail/ you could enter any username into a form and
>get access to anybody's Hotmail data without a password. All functions were
>enabled. It was not possible (to the public) to change the password without
>knowing the old password.
>
>16.00 CET the URL www.2038.com/hotmail/ contains the message "microsoft
>rules", the form doesn't work anymore. http://www.2038.com is located in
>Sweden
>
>By typing
>http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=ENTERLOGINHERE&passwd=eh%20replace%20ENTERLOGINHERE
>into the browser's location field you could still use the bug to see inside
>the mailboxes. Instead of ENTERLOGINHERE you had to type the username.
>
>18.00 CET Hotmail is down
>
>18.30 CET www.2038.com/hotmail/ points to
>http://www.microsoft.com/security/default.asp
>
>18.50 CET Hotmail is online again, the CGI that allowed the break-in is
>deactivated
>
>Hotmail has 40 million subscribers, it is running on Net-BSD, because the
>staff wasn't able to port the system to Win NT after Micro$oft bought
>Hotmail. There are rumours that say the hack was possible through a hack
>of Microsoft's Passport system (http://www.passport.com) that should be
>implemented into Hotmail.
>
>It is not possible to delete a Hotmail account yourself. It will be
>deleted automatically after 90 days of not using/accessing it.
>
>CNN says that the Swedish newspaper Expressen (http://expressen.se) was
>the first to publish the story, http://expressen.se/article.asp?id=22383, today.
>Expressen says that they got the information anonymously.
>
>The question that now arises is what the PR strategies of
>Microsoft/Hotmail will be, and will there be a reaction on the stock markets?
>
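
A log check for the access pattern the message above describes (requests to the `start` CGI carrying `login` and `passwd` in the URL, with one password value opening many usernames), as an added example that is not part of the original post. The Common Log Format input, the sample lines, the function name and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real data.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:14:50:01 +0100] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=alice&passwd=SAMEVALUE HTTP/1.0" 200 5120
192.0.2.10 - - [01/Jan/2000:14:50:09 +0100] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=bob&passwd=SAMEVALUE HTTP/1.0" 200 4981
192.0.2.10 - - [01/Jan/2000:14:50:15 +0100] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=Carol&passwd=SAMEVALUE HTTP/1.0" 200 5302
192.0.2.10 - - [01/Jan/2000:14:50:20 +0100] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=erin&passwd=SAMEVALUE HTTP/1.0" 403 210
198.51.100.7 - - [01/Jan/2000:14:51:00 +0100] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=dave&passwd=daves%20own HTTP/1.0" 200 4410
198.51.100.7 - - [01/Jan/2000:14:52:00 +0100] "GET /index.html HTTP/1.0" 200 900
"""

# client IP, request target and status code from one log line
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})\b')


def shared_password_logins(log_text, path="/cgi-bin/start", min_accounts=3):
    """Return (client_ip, [accounts]) where one client opened at least
    min_accounts distinct mailboxes using the same passwd value."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # unparseable line, ignore
        ip, target, status = m.groups()
        url = urlsplit(target)
        # only successful (2xx) requests to the login CGI are of interest
        if url.path != path or not status.startswith("2"):
            continue
        q = parse_qs(url.query)
        if "login" in q and "passwd" in q:
            # group by (client, password value); usernames compared case-insensitively
            seen[(ip, q["passwd"][0])].add(q["login"][0].lower())
    # the password value is deliberately left out of the report
    return sorted((ip, sorted(accts)) for (ip, _pw), accts in seen.items()
                  if len(accts) >= min_accounts)


if __name__ == "__main__":
    for ip, accounts in shared_password_logins(SAMPLE_LOG):
        print(ip, "opened", len(accounts), "mailboxes with one password:", accounts)
```

Grouping on the password value rather than on a hard-coded string keeps the check independent of the exact value used, and the list of affected accounts it returns is what an operator would need for notification.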