Comment Re:Hotmail Challenge (Score 2) 88
I think this once more shows how amateurishly software is developed at Microsoft**. So I would bet some money that there is a second 0-day flaw that is used which does not require changing the password of the user. I don't believe that this password was brute forced, because even Microsoft should (now) be able to prevent brute forcing. Or are they not even able to achieve that? Because his account was new, it means that many attempts to brute force would have been done in a short period of time; any reasonable system today prevents that...
**I have a little experience with Microsoft because we had to support IE in a project. But how IE handles private keys on smart cards is not secure at all (all sessions stay active even when the card is removed, which was an absolute no-go in this project). Answer from Microsoft after needing weeks (and much communication overhead) to confirm the flaw: it will not be fixed before IE 11.