NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2002-02

From: Tom McAdam (tomcfuture-i.com)
Date: Sun Feb 10 2002 - 04:28:41 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 8 Feb 2002, Tom Micklovitch wrote:

> Exploit:
>
> Register an account for MSN messenger, make some contact email
> addresses, leave the account for 31 days. On a different machine (to
> ensure there's no cache), go to the sign up section of MSN messenger,
> sign up again, using the same screen name. You'll be able to see the
> previous user's contact list.
>
> -- snip --

This issue was initially reported back in August 2000 to Bugtraq [1] by
James Nelson

Microsoft did respond [2] but must've decided it wasn't an issue... all
those lovely graphical updates to make Messenger look pretty were
obviously deemed more important.

[1] http://www.securityfocus.com/archive/1/76183
[2] http://www.securityfocus.com/archive/1/76388

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]