Re: hotmail
Lachlan O'Dea (lodea@vet.com.au)
Wed, 1 Sep 1999 13:19:25 +1000
- In reply to: Wes Peters: "Re: FreeBSD Security Advisory"
On Tue, Aug 31, 1999 at 08:03:26PM -0700, Kevin Lynn wrote:
> Yes.. but chances are it's because of a security hole that wasn't because
> of freebsd as slashdot posted something about the security hole being
> exploitable via some web page that would let you read other people's
> mail.
By the time I caught up with this, the exploit appeared to have been
fixed, but what I've read indicated that the web pages with the exploit
simply perform a GET on the following URL:
http://207.82.250.251/cgi-bin/start?curmbox=ACTIVE&js=no&login=USERNAME&passwd=eh
and that you could just type that in your browser, putting in whatever
username you want. You then received full access to that user's account.
Many people are saying this is a result of Hotmail's use of the
Microsoft Passport system. It is designed to allow you to log in to any
MSN site without having to re-enter your username and password every
time. Well, I guess not requiring a password is one way to achieve that.
In any case, it seems that the operating system being used was not a
factor at all.
--
Lachlan O'Dea <mailto:lodea@vet.com.au> Computer Associates Pty Ltd Webmaster Vet - Anti-Virus Software http://www.vet.com.au/
"With our combined strength, we can end this destructive conflict and bring order to the galaxy." - Darth Vader
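
From the server operator's side, the request pattern described in the message (one fixed `passwd` value opening many different `login` names) is visible in ordinary access logs. The following is an added example, not part of the original post: the path and parameter names come from the URL quoted above, while the log format, client addresses, account names and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [30/Aug/1999:10:01:02 +0000] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=alice&passwd=eh HTTP/1.0" 200 5120
192.0.2.10 - - [30/Aug/1999:10:01:09 +0000] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=bob&passwd=eh HTTP/1.0" 200 4870
192.0.2.10 - - [30/Aug/1999:10:01:15 +0000] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=carol&passwd=eh HTTP/1.0" 200 6001
198.51.100.7 - - [30/Aug/1999:10:02:00 +0000] "GET /cgi-bin/start?curmbox=ACTIVE&js=no&login=dave&passwd=hunter2 HTTP/1.0" 200 3000
198.51.100.7 - - [30/Aug/1999:10:03:00 +0000] "GET /index.html HTTP/1.0" 200 900
"""

# client, ident, user, [timestamp], "METHOD target protocol", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def find_shared_password_logins(log_text, path="/cgi-bin/start", min_accounts=3):
    """Return {(client_ip, passwd): sorted logins} for every client that got
    200 responses for at least min_accounts distinct logins while sending
    the same passwd value each time."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        if method != "GET" or url.path != path or status != "200":
            continue
        params = parse_qs(url.query)
        login, passwd = params.get("login"), params.get("passwd")
        if login and passwd:
            seen[(ip, passwd[0])].add(login[0])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_accounts}


if __name__ == "__main__":
    # The passwd value is deliberately left out of the report line.
    for (ip, _pw), logins in find_shared_password_logins(SAMPLE_LOG).items():
        print(f"{ip}: {len(logins)} accounts opened with one passwd value: {logins}")
```

Because the credentials travel in the query string of a GET, they are recorded in access logs in the first place; the same property is what makes this check possible.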
This archive was generated by hypermail 2.0b3 on Thu Sep 23 1999 - 03:55:25 CDT