Hotmail Hacked
SyD writes "Apparently there is a major security hole on Hotmail that could allow crackers to read your e-mail. A hacking group known as root core discovered the hole and reported it to Microsoft." This isn't the first time that the folks who are gonna give us an internet-wide universal login system had a hole. The funny part is that I posted a story almost exactly like this like 2 years ago, and about once a week, someone emails me and says "I think my boyfriend/girlfriend is cheating on me and I really need to know the backdoor into hotmail to find out". No, I'm not kidding. You can't make that stuff up.
You need to guess the message ID, a longish string based on a timestamp and another number. And once you do that, you still can't read other messages from that account unless you guess them separately. You could try brute-forcing the message IDs, of course, but then you're relying on a fast connection (I believe there are 60 possible message IDs per second, and you rarely know exactly when a message was processed anyway) and fast servers. Besides, after all this, you'll probably find that all the target account's real mail was automatically deleted to make room for WinXP.iso.bat, attached to a message asking for advice.
Gates' Law: Every 18 months, the speed of software halves.
blah blah, we expect this from MS... blah blah, when will they get their act together...
This was already posted to BugTraq not too long ago. For a more technical breakdown of the details surrounding the Hotmail vulnerability, go here:
http://www.securityfocus.com/archive/1/205785
- tre
http://piclabs.com
My guess is you are a karma whore, nothing more. Now I may be wrong, you might be the actual author. In this case, let us know.
Research by wAwAsAn4
wAwAsAn4@root-core.com
Web: www.root-core.com
Email: [Digital-Vortex]@securityfocus.com
Voila.
Looking for a great online backup: Green Backup
You can download the hobo4 program, written by the folks at Root Core to automate this vulnerability, here. Warning about the code, however:
a) it's in VB
b) you'll see methods like this:
    Public Sub ii(MSG As String)
        l_info.Caption = ">" & MSG
    End Sub
Are there no coding standards even among hacks?
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson