Hotmail Hacked 494
SyD writes " Apparently there is a major security hole on Hotmail that could allow crackers to read your e-mail. A hacking group known as root core discovered the hole and reported it to Microsoft. " This isn't the first time that the folks who are gonna give us a internet wide universal login system had a hole. The funny part is that I posted a story almost exactly like this like 2 years ago, and about once a week, someone emails me and says "I think my boyfriend/girlfriend is cheating on me and I really need to know the backdoor into hotmail to find out". No I'm not kidding. You can't make that stuff up.
Oh no! (Score:1, Funny)
Again? (Score:3, Funny)
Score: -1, Redundant
Average person? (Score:5, Funny)
"The average person in the street doesn't need to worry, as they would have to be specifically targeted," said Graham Cluley, an Internet security expert with antivirus firm Sophos.
I suppose the quux is whether I'm an "average person" or not. I think I'll go stand in the street to hedge my bets.
The details of the hole... (Score:5, Funny)
Guess they haven't gotten rid of Code Red yet!
(For the humor impaired: no, I did not actually do the telnet session.)
PLEASE! (Score:2, Funny)
Microsoft's response... (Score:5, Funny)
"However," Microsoft said, "we recognize the concerns raised in the computational infeasibility of this mechanism and are investigating ways that we can raise this bar even higher."
Like Taco said...you just can't make this stuff up. That response is just too funny.
Oh crap! (Score:3, Funny)
Thanks to Hotmail there are going to be a number of people out there now using my name to get valuable college degrees over the `net.
Hopefully they'll be good sports and also get me a lower interest rate on my home.
Here's another way (Score:5, Funny)
1. Log into hotmail normally.
2. Type in this link:
http://pv2fd.pav2.hotmail.msn.com/default.ida?XX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858
8 %u cbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u685
1b%u53ff%u0078%u0000%u00=a HTTP/1.0
Very secret information.... (Score:5, Funny)
NOTE: By following these directions you will be breaking the law.
while (in_car(use *right_foot))\
push(($pedal) to go [@REALLY_FAST]);
I have had this information in my head for years, but felt it was time to inform the rest of you how to do it. Now I know I will be pursued by lawyers attempting to utilize the DMCA against me for revealing this information that the vehicle manufacturers did not want you to know... such is the life of a hacker...
Comment removed (Score:5, Funny)
Re:Microsoft's response... (Score:4, Funny)
Re:Informative - More like criminal action actuall (Score:2, Funny)
H1, H0W 4R3 Y0U? (Score:2, Funny)
4cc0unt!
(I just could'n resist
decoding hotmail message numbers (Score:3, Funny)
You have just published a "Circumvention Algorithm."
Shame on you. No doubt the FBI is on their way to your house to slap you on the wrists with wet noodles. Oops, I mean slap you in irons. The wet noodles are for Microsoft under the new Punitive Actions for the antitrust suit.
"hacker" vs. "cracker": something to consider. (Score:5, Funny)
CHEF: Now, children, don't leave your computer on when you're not around! Crazy crackers can read your email!
STAN: Holy crap!
CARTMAN: You guys are so lame.
- A.P.
Re:How my friend had his hotmail acct hacked... (Score:2, Funny)
Re:No no no (Score:2, Funny)
No kidding. Yeah, every time I feel like doing something that could be potentially illegal I always use my own Hotmail account. And of course I've put my name, home address, and phone number into this account's information. Not to mention the fact that I'll do it from my home or office computer with a nice and easily traceable IP back to me.
Other tidbits I liked:
In order for intruders to access a Hotmail user's emails, they would need to know the victim's user name and then guess the number that identifies a specific email message.
Lessee now, who would most people be targeting: random users or specific family, friends, or enemies who they already have an address for? Not to mention the thousands, if not millions, of Hotmail addresses that could be reaped with a simple search.
"The average person in the street doesn't need to worry, as they would have to be specifically targeted," said Graham Cluley, an Internet security expert with antivirus firm Sophos.
Hey, Average Joe! Got any enemies who might be interested in reading your mail?
Root Core has posted on its website a scanning program that automatically guesses about one message number every second. But security experts said the program's impact is limited because, in order to work, an intruder would need to have a fast Internet connection and know how often the targeted victim checks their email account.
I wonder how many script kiddies are out there sitting next to their cable or DSL modems sniggering into their milk right now?
----------
Digital Pants...ACTIVATE!
Now you can be a hacker too (Score:3, Funny)
I wish .... (Score:1, Funny)