Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hotmail Hacked

Posted by ryuzaki0 on from the it-happened-again dept.

SyD writes " Apparently there is a major security hole on Hotmail that could allow crackers to read your e-mail. A hacking group known as root core discovered the hole and reported it to Microsoft. " This isn't the first time that the folks who are gonna give us a internet wide universal login system had a hole. The funny part is that I posted a story almost exactly like this like 2 years ago, and about once a week, someone emails me and says "I think my boyfriend/girlfriend is cheating on me and I really need to know the backdoor into hotmail to find out". No I'm not kidding. You can't make that stuff up.

19 of 494 comments (clear)

  1. Oh no! by Mr.+Sketch · · Score: 1, Funny

    Now someone ELSE will have to read all my spam too, oh darn. They'd better fix that quick.

    --
    Things you think are in the Constitution, but are not.
  2. Again? by SilLumTao · · Score: 3, Funny
    Apparently there is a major security hole on Hotmail that could allow crackers to read your e-mail.


    Score: -1, Redundant

    --
    "He was a wise man who invented beer." -- Plato
  3. Average person? by Chagrin · · Score: 5, Funny

    • "The average person in the street doesn't need to worry, as they would have to be specifically targeted," said Graham Cluley, an Internet security expert with antivirus firm Sophos.

    I suppose the quux is whether I'm an "average person" or not. I think I'll go stand in the street to hedge my bets.
    --

    I/O Error G-17: Aborting Installation

  4. The details of the hole... by kcbrown · · Score: 5, Funny

    % telnet www.hotmail.com 80
    Trying 64.4.43.7...
    Connected to 64.4.43.7.
    Escape character is '^]'.
    GET /root.exe
    What is thy bidding, my master?


    Guess they haven't gotten rid of Code Red yet! :-)

    (For the humor impaired: no, I did not actually do the telnet session.)
    --
    Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
  5. PLEASE! by plemeljr · · Score: 2, Funny

    * Will someone please think of the children! *

    --

    Please email all complaints to root@127.0.0.1 and the issue will be dealt with in due time.
  6. Microsoft's response... by ddstreet · · Score: 5, Funny
    ...is priceless:


    "However," Microsoft said, "we recognize the concerns raised in the computational infeasibility of this mechanism and are investigating ways that we can raise this bar even higher."


    Like Taco said...you just can't make this stuff up. That response is just too funny.

    1. Re:Microsoft's response... by Balinares · · Score: 4, Funny

      That's it. We can quit MS bashing, people. They do a better job of it on their own anyway. ;)

      --

      -- B.
      This sig does in fact not have the property it claims not to have.
  7. Oh crap! by fobbman · · Score: 3, Funny

    Thanks to Hotmail there are going to be a number of people out there now using my name to get valuable college degrees over the `net.


    Hopefully they'll be good sports and also get me a lower interest rate on my home.

  8. Here's another way by Srin+Tuar · · Score: 5, Funny


    1. Log into hotmail normally.


    2. Type in this link:

    http://pv2fd.pav2.hotmail.msn.com/default.ida?XX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858
    %ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858 %u cbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53
    1b%u53ff%u0078%u0000%u00=a HTTP/1.0

  9. Very secret information.... by thrillbert · · Score: 5, Funny

    I know that /. will probably get a nasty email asking them to remove this post, but I just feel the need to post this bit of information:

    NOTE: By following these directions you will be breaking the law.
    while (in_car(use *right_foot))\
    push(($pedal) to go [@REALLY_FAST]);

    I have had this information in my head for years, but felt it was time to inform the rest of you how to do it. Now I know I will be pursued by lawyers attempting to utilize the DMCA against me for revealing this information that the vehicle manufacturers did not want you to know... such is the life of a hacker...

  10. You've got mail! by fmaxwell · · Score: 5, Funny

    AOL: You've got mail!
    Hotmail: You've got someone else's mail!

  11. Re:Informative - More like criminal action actuall by iggly_iguana · · Score: 2, Funny

    No, your not a lawyer, your an anonymous coward!

  12. H1, H0W 4R3 Y0U? by pdiaz · · Score: 2, Funny

    1 53nd y0u th15 m41l 1n 0rd3r t0 0wn y0ur h0m41il
    4cc0unt!

    (I just could'n resist :-)

    --
    Make It Secret . Free JavaScript implementation of AES for your browser
  13. decoding hotmail message numbers by dpilot · · Score: 3, Funny

    But when you start to consider that the super-duper-top-secret algorithm for encoding message numbers constitutes "encryption" according to some, then it's protected under the DMCA.

    You have just published a "Circumvention Algorithm."

    Shame on you. No doubt the FBI is on their way to your house to slap you on the wrists with wet noodles. Oops, I mean slap you in irons. The wet noodles are for Microsoft under the new Punitive Actions for the antitrust suit.

    --
    The living have better things to do than to continue hating the dead.
  14. "hacker" vs. "cracker": something to consider. by Wakko+Warner · · Score: 5, Funny

    Does anyone else think that "crackers can read your email" is something Chef from South Park would say?

    CHEF: Now, children, don't leave your computer on when you're not around! Crazy crackers can read your email!

    STAN: Holy crap!

    CARTMAN: You guys are so lame.

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  15. Re:How my friend had his hotmail acct hacked... by archen · · Score: 2, Funny

    actually, that's why I always lie to answers of questions like that. Typically I have a smart ass answer that i would probably only think of.

  16. Re:No no no by neuromortis · · Score: 2, Funny

    No kidding. Yeah, every time I feel like doing something that could be potentially illegal I always use my own Hotmail account. And of course I've put my name, home address, and phone number into this account's information. Not to mention the fact that I'll do it from my home or office computer with a nice and easily traceable IP back to me.

    Other tidbits I liked:

    In order for intruders to access a Hotmail user's emails, they would need to know the victim's user name and then guess the number that identifies a specific email message.

    Lessee now, who would most people be targeting: random users or specific family, friends, or enemies who they already have an address for? Not to mention the thousands, if not millions, of Hotmail addresses that could be reaped with a simple search.

    "The average person in the street doesn't need to worry, as they would have to be specifically targeted," said Graham Cluley, an Internet security expert with antivirus firm Sophos.

    Hey, Average Joe! Got any enemies who might be interested in reading your mail?

    Root Core has posted on its website a scanning program that automatically guesses about one message number every second. But security experts said the program's impact is limited because, in order to work, an intruder would need to have a fast Internet connection and know how often the targeted victim checks their email account.

    I wonder how many script kiddies are out there sitting next to their cable or DSL modems sniggering into their milk right now?

    ----------

    Digital Pants...ACTIVATE!

    --

    I build model citizens.
  17. Now you can be a hacker too by RPoet · · Score: 3, Funny

    Just read this l33t article on "How To Become a Hacker", and you'll be hacking into people's mail before you know it!

    --
    "Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
  18. I wish .... by Anonymous Coward · · Score: 1, Funny

    I wish the Slashdot articles showed the year in the date. I can't tell if this is a new article, or if it is a repost from last year.