Jump to content


New Security Flaw In Hotmail

  • Please log in to reply
15 replies to this topic

#1 junkam



  • 80 posts
  • Joined: 06-August 04

Posted 29 August 2006 - 17:43

computer science student discovered a new security flaw in Microsoft email service Hotmail, that could let hackers take control over your Hotmail and Messenger account, and even reset the password.
The student told Microsoft about the flaw over 3 weeks ago and they still haven't fixed the problem.

#2 TheDogsBed


    Neowinian Senior

  • 2,622 posts
  • Joined: 29-July 03
  • Location: United Kingdom
  • OS: OS X

Posted 29 August 2006 - 17:46

Three weeks have passed and the problem still exists, according to Naamana. After three weeks Naamana decided to go public with the information in a hope that this will make Microsoft respond faster and fix the flaw.

And, of course, get his name recognised a little.

#3 vetJohn


    Neowinian Senior

  • 17,653 posts
  • Joined: 28-January 02
  • Location: Des Moines, IA

Posted 29 August 2006 - 17:58

Baha Naamana, who discovered this flaw reported his finding to Microsoft three weeks ago, and got a response from Microsoft Security Response Center that they will investigate the report, and they asked him not to disclose the information.

So they were looking in to it and told him not to disclose the information, and then he does? Did he wait to get a response back from them? Did he try to contact them again before making the information public?

I don't think he understands how busy MSRC is, and that he'd be doing more harm than anything else by making this information public.

#4 Slimy


    Ars + Neowin

  • 22,355 posts
  • Joined: 04-April 04

Posted 30 August 2006 - 00:12

I wonder if it affects windows live mail...

#5 vetL3thal


    Honor, Duty, Fidelity

  • 19,062 posts
  • Joined: 30-May 04
  • Location: New Jersey

Posted 30 August 2006 - 04:36

And, of course, get his name recognised a little.

You summed it up :yes:

#6 KHaKi-


    No Regret.

  • 1,169 posts
  • Joined: 22-March 04
  • Location: Boredtown, Indiana

Posted 30 August 2006 - 04:48

I was actually hoping this would be a good flaw, I was actually excited :shiftyninja: . Then i read it and Im like ".....another one of the 'a user has to be an idiot and click something from someone they don't know' flaws." Sure, on level it could be abused, but some of the more technical people arent going to click it unless they know who its from to BEGIN with. :rolleyes:

#7 AxelStone



  • 363 posts
  • Joined: 12-March 02

Posted 30 August 2006 - 13:35

Its microsoft's own fault. They have no status notification or current notification que if the issue has been resolved. It doesnt have to be anything complicated.

What do you expect, someone mentions to you a problem and you just say "ok".... what are they going to think? 99% of the time they will think, "he just ignored me". Not "Oh, they must be busy and are still working on it."

#8 Rahul


    Neowinian Senior

  • 5,634 posts
  • Joined: 03-May 04
  • Location: Pelican Bay State Prison,Crescent City,California

Posted 30 August 2006 - 13:47

BAHA NAMAANA is da man.

so what he tried a cheap publicity stunt

#9 noroom


    Neowinian Senior

  • 2,452 posts
  • Joined: 21-July 03
  • Location: Germany

Posted 30 August 2006 - 14:00

What's his name? Banana Man? :rofl:

#10 vetPL_


    Neowinian Senior

  • 13,773 posts
  • Joined: 02-August 05
  • Location: London, UK

Posted 30 August 2006 - 14:23

What's his name? Banana Man? :rofl:



#11 The Teej

The Teej

    Also known as The Tjalian

  • 7,097 posts
  • Joined: 03-October 05
  • Location: England, UK

Posted 30 August 2006 - 15:00

Wow, what an ass. If nobody knows about the flaw how can it possibly be of any harm? ****ing off Microsoft by going against what they specifically said not to do won't earn him any brownie points, so why do it? Fame, recognition? Nobody is gonna remember Bananarama's name in a few weeks anyway, so his 15 seconds won't go very far.

#12 thugilex


    Neowinian Senior

  • 3,156 posts
  • Joined: 17-September 04
  • Location: Lebanon - Beirut

Posted 30 August 2006 - 18:21

who still uses hotmail accounts ?

#13 Pajter



  • 5,344 posts
  • Joined: 10-June 04
  • Location: Netherlands

Posted 30 August 2006 - 18:28

What's his name? Banana Man? :rofl:

That comment totally made my day! :laugh: :rofl:

#14 InsaneNutter


    Neowinian Senior

  • 4,141 posts
  • Joined: 15-March 03
  • Location: Yorkshire, England
  • OS: Win 8.1, OSX 10.10 & Ubuntu
  • Phone: OnePlus One

Posted 30 August 2006 - 18:31

who still uses hotmail accounts ?

Millions of people at a guess, need u ask :p

Probably 99% of teenagers online in the uk.. you would be better asking a teenager if they dont. ;)

#15 OP junkam



  • 80 posts
  • Joined: 06-August 04

Posted 30 August 2006 - 18:49

It should not take so long for Microsoft to fix this problem, it's not like they need to distribute a patch to client, they just need to fix the server application.