[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Nochemal: hotmail-hack
- To: debate@fitug.de
- Subject: Nochemal: hotmail-hack
- From: Heiko Recktenwald <uzs106@ibm.rhrz.uni-bonn.de>
- Date: Wed, 01 Sep 1999 16:18:55 +0200
- Comment: This message comes from the debate mailing list.
- Sender: owner-debate@fitug.de
>Hi this is a short summary of Hotmail Hack
>
>9.23 am EDT the message is posted at www.slashdot.org, the origin is
>unclear.
>
>14.43 CET I became knowlegde of it by a german-speaking mailinglist. On
>http://www.2038.com/hotmail/ You could enter any username into a form and
>get accsses to anybodies hotmail data without password. All functions were
>abled. It was not possible (to the public) to change the password without
>knowing the old password.
>
>16.00 CET the url www.2038.com/hotmail/ contains the message "microsoft
>rules", the form doens't work anymore. http://www.2038.com is located in
>Sweden
>
>By typing
>http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=ENTERLOGINHE
RE&passwd=eh%20replace%20ENTERLOGINHERE
>into the browsers location-field You could still use the bug to see inside
>the mailboxes. Instead of ENTERLOGINHERE You had to type the username.
>
>18.00 CET Uhr Hotmail ist down
>
>18.30 CET www.2038.com/hotmail/ points to
>http://www.microsoft.com/security/default.asp
>
>18.50 CET Hotmail is online again, the cgi that allowed to break in, is
>deactivated
>
>Hotmail has 40 million subscribers, it is running on Net-BSD, because the
>stuff wasn't able to port the system to Win NT, after Micro$oft bought
>Hotmail. There are rumours that say, the hack was possible through a hack
>of Microsofts Passport-System (http://www.passport.com) that should be
>implemented into Hotmail.
>
>It is not possible to delete a hotmail-account yourself. It will be
>deleted automaticly after 90 days of not using/ accesing it.
>
>CNN says that the Swedish Newspaper Expressen (http://expressen.se) has
>first published the Story http://expressen.se/article.asp?id=22383 today.
>Expressen says that they got the information anonymous.
>
>The now appearing question is, how will be the PR-strategies of
>Microsoft/Hotmail and will there be a reaction on stockmarkets?
>