
Comment Re:Hotmail Challenge (Score 2) 88

I think this once more shows how amateurish software is developed at Microsoft**. So I would bet some money that there is a second 0-day flaw that is used which does not require changing the password of the user. I don't believe that this password was brute forced, because even Microsoft should (now) be able to prevent brute forcing. Or are they not even able to achieve that? Because his account was new, it means that many attempts to brute force would have been done in a short period of time; any reasonable system today prevents that...

**I have a little experience with Microsoft because we had to support IE in a project. But how IE handles private keys on smart cards is not secure at all (all sessions stay active even if the card is removed, which was an absolute no-go in this project). Answer from Microsoft after needing weeks (and much communication overhead) to confirm the flaw: it will not be fixed before IE 11.
China

Submission + - China plans national, unified CPU architecture (extremetech.com)

MrSeb writes: "According to reports from various industry sources, the Chinese government has begun the process of picking a national computer chip instruction set architecture (ISA). This ISA would have to be used for any projects backed with government money — which, in a communist country such as China, is a fairly long list of public and private enterprises and institutions, including China Mobile, the largest wireless carrier in the world. The primary reason for this move is to lessen China’s reliance on western intellectual property. There are at least five existing ISAs on the table for consideration — MIPS, Alpha, ARM, Power, and the homegrown UPU — but the Chinese leadership has also mooted the idea of defining an entirely new architecture. What if China goes the DIY route and makes its own ISA or microarchitecture with silicon-level censorship and monitoring, or an always-open backdoor for the Chinese intelligence agencies?"

Comment there is a better article (Score 1) 2

http://slashdot.org/submission/2041973/microsoft-patches-major-hotmail-0-day-flaw-after-widespread-exploitation I do not understand why this article is not available under "recent". Sorry, I'm new here. I did a search before posting the article, but I did not find that article. Only now by clicking the "security" tag I found that one.

Submission + - Hamilton park new jersey (livingonthepark.com)

jerseycitycondos writes: "Hamilton Square Luxury Condos in Jersey City, New Jersey. Living on the Park offers a plethora of high tech amenities that enable you to live a healthy and stylish life. The studio lofts, and 1, 2 bedrooms offer breathtaking views of the amazing Manhattan Skyline."

Submission + - Any Hotmail account could be hacked by just sending a specific string (whitec0de.com) 2

fxbar writes: Any Hotmail account could be taken over by sending "+++)-" to the server. The problem is fixed now. Hackers sold accounts for 20$. Here is more technical detail: http://www.vulnerability-lab.com/get_content.php?id=529

The article speculates about rumors that "... there exists another critical vulnerability but it’s knowledge is limited to only the hackers who frequent the dark web."

Maybe this explains: http://idle.slashdot.org/story/12/04/25/2055225/microsofts-hotmail-challenge-backfires

Bug

Submission + - Microsoft patches major Hotmail 0-day flaw after widespread exploitation (arstechnica.com)

suraj.sun writes: Microsoft quietly fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account last Friday. The company was notified of the flaw, by researchers at Vulnerability Lab, on April 20th and responded with a fix within hours—but not until after widespread attacks, with the bug apparently spreading "like wild fire" in the hacking community.

Hotmail's password reset system uses a token system to ensure that only the account holder can reset their password — a link with the token is sent to an account linked to the Hotmail account — and clicking the link lets the account owner reset their password. However, the validation of these tokens isn't handled properly by Hotmail, allowing attackers to reset passwords of any account.

Initially hackers were offering to crack accounts for $20 a throw. However, the technique became publicly known and started to spread rapidly with Web and YouTube tutorials showing the technique popping up across the Arabic-speaking Internet.
