Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


CNET News.com: Hotmail hole raises larger security issues

Aug 31, 1999, 21:04 (0 Talkback[s])
(Other stories by Joe Wilcox)

"A security hole discovered yesterday in Microsoft's MSN Hotmail calls into question the free email service's practice of allowing users to log on from any Web page, security experts said."

"While Netscape, Yahoo, and other free email services direct users to specific login Web sites, Hotmail allows users to access their accounts from any Web page. A simple login HTML form or Javascript, which appears on the Web page as a box for the username and password, is all that is needed. Many Web sites offer this service."

" 'I think [login programs are] a big mistake, said Richard Smith, president of Cambridge-based Phar Lap Software. 'If you log in from somebody else's Web page, they can equally bug the message to grab your username and password.' "

"The only solution, said security experts, is to restrict login access to a central page."

Complete Story

Related Stories: