Again Microsoft have problems with their security. This time it is a flaw in Microsoft's free email service Hotmail, which also seems to be a threat to their upcoming Windows XP.
As Microsoft CEO Steve Ballmer touted Windows XP's rapid progression toward manufacturing, news reports began to surface indicating that a proof of concept "hack" had compromised the integrity of the company's Hotmail e-mail services. Throughout its lifespan, Hotmail has been plagued by outages and occasionally some highly embarrassing security oversights. Now that integral components of Windows are tightly integrated with Microsoft's Passport authentication system and Web-based services, even seemingly minor incidents are examined under the lens of a microscope.
Late Sunday night, Root Core, a group of computer security experts, published information exposing vulnerabilities in Microsoft's popular service. While it is not known how many e-mail accounts were accessed, the methods employed in order to successfully follow the exploit prohibit widespread abuse. The hack requires specific knowledge of a target's username as well as a Message ID, comprised of a string of 10-11 unique digits.
In order to be successful, a hacker would need to know the exact time a particular message was sent, down to the second. UK-based technology news site The Register reported that a "brute force" application authored by Root Core was itself cumbersome and time-consuming. It also requires a high-bandwidth Internet connection.
In an e-mail statement sent to BetaNews written by MSN Product Manager Mark Wain, the company downplayed the potential for mischief. Wain wrote, "These conditions make it extremely difficult for anyone but the user themselves to exploit this 'proof of concept' code which the poster has given us. A malicious attacker would have to conduct thousands if not tens of thousands of attempts before they could hit on a valid message ID, and even that would only give them a portion of the information they would need to fully exploit this issue."
Source: BetaNews















