A decision like this basically means that evolution theory is not required teaching anymore. It means that students, who have problems with the evolution theory (most likely their parents..) will not be required to learn things they find offending, simply to be able to pass statewide tests governing the quality of education.
Well the how seems "simple"... it's a security hole. In the URL that the little script generates, you can change the password=eh to pasword=xxx, or whatever, and it still works. You can also change the user account name to some other account name and it still works. In fact, you can have an empty passwd= part in the url and it works....
So basically what I think this is, is simply access to a machine that normally users only get directed to once they've gone through the login process. Also, normally the parameters in Hotmail's URLs are encoded or something, but I wouldn't be surprised if what we see encoded in normal Hotmail access decodes to the URL type syntax this script generates.
I just wonder what a CURMBOX is...
If this is true, it just took someone to decipher the url encoding, and voilà.... and knowing MS, it's probably ROT13 or something.
Yes, but carry around two devices? ;)
Besides, an emulator is much more geekish.
Holy crap......
Well, I saw it coming. I was never a friend of web based freemailers, anyway, especially not hotmail. However, it would be interesting to know more details on this hack. Is it just a hotmail problem? What about other freemailers such as yahoo? Is there some official statement by hotmail? Inquiring minds would like to know.
Evolution is a fact... Just look at the bacteria resistant to antibiotics... Don't tell me it was god's will. ;-)
You are welcome to propose a better theory, and put forth adequate evidence to support it. You might even win a Nobel prize that way.
But if your only evidence consists of that Old Testament, you just might find that your theories will not be taken very seriously.
Which is the whole problem. By defining some knowledge as "offending", they can just ignore it, or have it not be taught at school. Sticking one's head in the sand never did anybody any good.
If you allow decisions like this, you will become a nation of religious zealots and bigots. Schools are for scientific education. Churches (or mosques or WHATEVER) are for religion. You need to separate the two. Religion is what everybody can decide for themselves, but science is universal. Science is the answer to "How?" and religion is the answer to "Why?".
When you mix the two, you get to end up in a place that's not much better than Afghanistan.
Well teletubbies ARE evil... Along with Barney, I bet they are the two biggest brain-cell-killers currently on TV. ;-)
You could always lease Kansas to the French for nuclear weapons testing.
...but a giant leap backwards for the entire USA.
Welcome to the 21st century - where the USA will join Iran and Afghanistan in the ranks of Religious Dictatorships.
After all, what do we need the quest for truth and scientific knowledge for if we can substitute religion instead?
What next - Abolish the "theory of gravity" (After all no-one can prove how it works) and substitute the "divine will for things to stay attached to the earth" instead, or how about abolishing the idea that the earth is NOT center of the universe (can't be proven either, right?).
When we've done that, we'll start teaching kids again that babies are brought by the stork, that the world IS flat (all those astronauts are just part of the scientific conspiracy), and that it's hollow, too.
And once we've accomplished that, we'll start teaching them that all men are NOT equal after all. It's just a silly theory someone some day thought of. It's never been proven, right?
And while we're at it, why don't we just start burning everybody at the stake who believes otherwise? I mean, it's good tradition, and besides, if God disagreed with us, he'd let us know.
Way cool man. If they even keep half their promises... I especially like the bit about being able to build your own worlds. This has to rock. I want news like that every morning please!
Then again, there goes my intention to spend more time on "meaningful" things....
"No Games for Linux" begins to sound like a bad joke. World Domination in five years?
It's either "weird" or "wired". Depends on what you're trying to say.
But "wierd" is not a word.
Maybe they still earn much, much more than they did in their home country?
On the other hand, they'd have to pay at least twice of what I earn here in Europe to make me move to the US. Kind of like an extra for hazardous duty...
Unauthorized access probably means someone used an open relay. I doubt a spammer would go to the troubles of IP spoofing when there are so many open relays out there...
They're just another third world dictatorship.
Just happens to be a VERY big one and have a couple of nuclear bombs laying around.
That's all. No less, no more.
He's going to do it gradually. So he will have it all given away by the time he's dead.
It's very easy to be generous in such a way.
He's still evil.
Last time I checked, there was no option to decide whether you get email or snail mail notifications.
I seem to have gotten snail mail.
Since Janet (according to c't - I didn't read the link from slashdot, but since c't and Telepolis are both Heise magazines, I assume the information is the same :) ) specifically said she was very much against Germany's "free encryption" policy, I wonder what they will do next.
Drop Bombs on Berlin?
Fire Cruise Missiles at Hamburg?
Hack into Chancellor Gerd Schroeder's Bank accounts?
Bomb the German embassy in India due to an ah, outdated map? ("We thought this was Saddam's Palace, and we thought it was Baghdad not New Delhi"..)
Don't get me wrong: I am not trying to criticize NATO's war against Yugoslavia, I firmly believe that dictatorships must be kept in check - There is NO place for genocide in Europe - and also especially when it comes to Nukes and stuff - but I think it's also time for the US to wake up and realize they're not alone on this planet.
Who the fsck gave Janet the right to try and tell OUR elected government what to do about encryption? It's bad enough that Americans are spying on us every day, all days, all times.
"Excuse me, but we just built this multi-billion dollar Echelon thing... It would be really too bad if you all started to encrypt your emails now - You don't want to make life difficult for us, do you?"
Heck yes we do.
It's been known that there would be a Neuromancer movie eventually. I just hope they won't fsck up the story like they did with Johnny Mnemonic. Come to think about it they even screwed up the characters in Johnny. Anyway, the neuromancer.org website seems to be pretty uninformative.. and boring.
Besides, why does a commercial movie reside at a ".org" domain? Eh?
Don't forget ORBS. Check www.orbs.org.
;-)
I don't know, I guess it's okay if they tell GAIM not to use their trademarks. At least the AOL people allow them to continue to develop GAIM so that we finally have a decent AOL IM clone for Linux. I remember back when the only thing available was their JAVA client... It sucked.
Greetings to Rob and Jim and the others too.
Besides there are those who might think the US - read Bill Gates - owns enough souls already. ;/
He gets paid by Red Hat, and possibly others, I think.
If you want to know more about the "shadowy" Alan Cox, just hop over to his website. Be sure to check out the diary, it's fun.
I thought these "What is Linux" articles and interviews were starting to get out of fashion again already... Guess I was wrong.
The article doesn't really say anything new, does it?
Send them some mail from a yahoo account to make sure, should please them ;-)