Hotmail vulnerable to JavaScript exploit

A hacker has developed a method of bypassing the JavaScript filtering mechanisms of Hotmail, in the latest security flap to hit Microsoft's Web-based email service.

ObLiviON has sent details of a sample exploit that shows how to smuggle JavaScript code through Hotmail filters and into a user's In-box, to security mailing list BugTraq.

Used maliciously, the exploit would allow a cracker (or spammer) to construct an email that redirects a Hotmail user to a particular Web page. This could be used as part of a plan to fool them into retyping their password. A Hotmail user would need only to enter their In-box for this exploit to work, after which their emails could be read.

In an email to The Reg, ObLiviON explained that Hotmail's JavaScript filter is supposed to filter all JavaScript code, and some html code that can lead to applet execution.

News source (and the rest): The Register

Previous Story
Many technology industrials lost in hijackings
Next Story
FBI taps ISPs in hunt for attackers