Microsoft took part of its MSN Web site offline over the weekend, after it learned of a flaw that could let an attacker gain access to Hotmail accounts, the company said.
The MSN Web site, http://ilovemessenger.msn.com/, contained a so-called cross-site scripting flaw, a Microsoft representative said on Monday. In its initial review of the issue, the company found that an attacker could use the vulnerability to obtain "cookies" from Hotmail users by getting them to click on a malicious URL. That could then grant access to those e-mail accounts, the representative said.
News source: C|Net News.com
The MSN Web site, http://ilovemessenger.msn.com/, contained a so-called cross-site scripting flaw, a Microsoft representative said on Monday. In its initial review of the issue, the company found that an attacker could use the vulnerability to obtain "cookies" from Hotmail users by getting them to click on a malicious URL. That could then grant access to those e-mail accounts, the representative said.
News source: C|Net News.com
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.