Slashdot Mirror
Hotmail Hacked
SyD writes " Apparently there is a major security hole on Hotmail that could allow crackers to read your e-mail. A hacking group known as root core discovered the hole and reported it to Microsoft. " This isn't the first time that the folks who are gonna give us a internet wide universal login system had a hole. The funny part is that I posted a story almost exactly like this like 2 years ago, and about once a week, someone emails me and says "I think my boyfriend/girlfriend is cheating on me and I really need to know the backdoor into hotmail to find out". No I'm not kidding. You can't make that stuff up.
Isn't this *after* they started moving a lot of servers to windoze from FreeBSD
:)
Yes, probably flame bait...it's in the hostmail system...so no blame on the OS
Chaos, Mayhem, and Destruction: Not
I don't mean to be a stick in the mud but this information clearly lays out how to hack into a privately owned computer system. This is illegal in most countries and as such whilst Slashdot don't censor their posters (free speech is something i'm all for) allowing this to be moderated up shows the sort of people that this site is being controlled by - and a smart lawyer could argue that the promotion of this item constitues the marketing and or distribution of this illegal material thus making slashdot and its owners accesories after the fact to a crime (yes hacking is a criminal offence with jail terms)
Just a point - now if you guys have a brain you will mod this back down or remove it - i think its an interstin post but i would encourage the users NOT to post full exploits but a link to a page (use geotcities or someone similar) off site - as you cannot be held responsible for it (pretty disclaimers aside you are legally responsible for the content here - its just that no one has decided to pursue it yet)
YES I AM A LAWYER
oh and by the way, i am a karma whore...isn't everyone?
I'm not.. Karma This!
I know the domain will show up, I'm not attempting to hide it. No obfusication with google's translations or whatever. I just wanted to show you not everyone really cares about karma.
(Plus I just once wanted to post a goat link.. Scratch that one off the list of things to do before I kill everyone.)
For a good time call www.sawkie.com
Yes, perhaps one unfortunate day it will be illegal to explain security vulnerabilities in depth, but until then there's little wrong in supporting open disclosure. Security through obscurity doesn't work.
Please explain to me how open disclosure of the details of how this hack is performed helps in this case. This is a closed system. Knowing the details of how the hack is performed doesn't help anyone in the general population fix this problem. It just allows malicious people to invade other people's privacy.
I can understand posting that the bug exists, and general information so that people have an idea if their information is at risk. I think it's great when white hat hackers let a company know that they've got a security hole, and give them a chance to close it. If they don't make an effort to close it, then there may be some justification to full disclosure.
However, claiming you've wearing a white hat while feeding the script kiddies info, when there's no real possitive effect is a load of bull. These people need to learn the difference between helping others and feeding their own egos.
The slashdot community often seems to get up in arms because the media doesn't understand the difference between a hacker and a cracker. Maybe the media can't figure out the difference, because the hackers and crackers can't figure out the difference either.
Oh sure, next thing you'll tell that santa claus isn't real!