What is it with Microsoft and security flaws?
Microsoft Corp. says a security hole in its Web-based e-mail service, MSN Hotmail, is so difficult to exploit that it would be unfeasible for malicious individuals to use it to read others' e-mail. The bug, reported by hacker e-zine Root-Core Network Saturday, allows a Hotmail account holder to view messages in the mailboxes of other subscribers. However, MSN Product Manager Mark Wain said that, for each message a hacker might read, he or she would have to already know - or be able to guess - a two-part identification number that totals at least nine digits.
In a bulletin posted on the outfit's Web site Saturday, Root-Core members demonstrated how specially crafted uniform resource locators (URLs) containing such message IDs could do an end-run around password security on the Hotmail servers.
Confirming that the ID number was derived in part from a time stamp applied to Hotmail messages, Wain said: "Based on our investigation so far, for a malicious user to successfully exploit this issue ... they would need to know the exact second that the individual mail arrived, and they would need to know a specific message ... number."
Source: NewsBytes















