Sign in to follow this  
Followers 0
junkam

New Security Flaw In Hotmail

16 posts in this topic

computer science student discovered a new security flaw in Microsoft email service Hotmail, that could let hackers take control over your Hotmail and Messenger account, and even reset the password.

The student told Microsoft about the flaw over 3 weeks ago and they still haven't fixed the problem.

Share this post


Link to post
Share on other sites
Three weeks have passed and the problem still exists, according to Naamana. After three weeks Naamana decided to go public with the information in a hope that this will make Microsoft respond faster and fix the flaw.
And, of course, get his name recognised a little.

Share this post


Link to post
Share on other sites
Baha Naamana, who discovered this flaw reported his finding to Microsoft three weeks ago, and got a response from Microsoft Security Response Center that they will investigate the report, and they asked him not to disclose the information.

So they were looking in to it and told him not to disclose the information, and then he does? Did he wait to get a response back from them? Did he try to contact them again before making the information public?

I don't think he understands how busy MSRC is, and that he'd be doing more harm than anything else by making this information public.

Share this post


Link to post
Share on other sites

I wonder if it affects windows live mail...

Share this post


Link to post
Share on other sites

And, of course, get his name recognised a little.

You summed it up :yes:

Share this post


Link to post
Share on other sites

I was actually hoping this would be a good flaw, I was actually excited :shiftyninja: . Then i read it and Im like ".....another one of the 'a user has to be an idiot and click something from someone they don't know' flaws." Sure, on level it could be abused, but some of the more technical people arent going to click it unless they know who its from to BEGIN with. :rolleyes:

Share this post


Link to post
Share on other sites

Its microsoft's own fault. They have no status notification or current notification que if the issue has been resolved. It doesnt have to be anything complicated.

What do you expect, someone mentions to you a problem and you just say "ok".... what are they going to think? 99% of the time they will think, "he just ignored me". Not "Oh, they must be busy and are still working on it."

Share this post


Link to post
Share on other sites

BAHA NAMAANA is da man.

so what he tried a cheap publicity stunt

Share this post


Link to post
Share on other sites

What's his name? Banana Man? :rofl:

Share this post


Link to post
Share on other sites

What's his name? Banana Man? :rofl:

:laugh:

Bananarama!

Share this post


Link to post
Share on other sites

Wow, what an ass. If nobody knows about the flaw how can it possibly be of any harm? ****ing off Microsoft by going against what they specifically said not to do won't earn him any brownie points, so why do it? Fame, recognition? Nobody is gonna remember Bananarama's name in a few weeks anyway, so his 15 seconds won't go very far.

Share this post


Link to post
Share on other sites

who still uses hotmail accounts ?

Share this post


Link to post
Share on other sites

What's his name? Banana Man? :rofl:

That comment totally made my day! :laugh: :rofl:

Share this post


Link to post
Share on other sites

who still uses hotmail accounts ?

Millions of people at a guess, need u ask :p

Probably 99% of teenagers online in the uk.. you would be better asking a teenager if they dont. ;)

Share this post


Link to post
Share on other sites

It should not take so long for Microsoft to fix this problem, it's not like they need to distribute a patch to client, they just need to fix the server application.

Share this post


Link to post
Share on other sites

It should not take so long for Microsoft to fix this problem, it's not like they need to distribute a patch to client, they just need to fix the server application.

Well, considering Microsoft has other bigger fish to take care of, I don't think this is really a priority to them since its not being abused in a big scale and it has just been announced publicly.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.