Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


SRO: How Hotmail Blew It

Sep 02, 1999, 19:37 (1 Talkback[s])
(Other stories by Steven J. Vaughan-Nichols)

"Analysis: Taking advantage of the Hotmail security hole was as easy as stealing an idling Porsche with the keys in the ignition switch."

"So, what caused the Hotmail security hole? It has nothing to do with a fundamental flaw with Hotmail software, the operating system or the architecture. There's also no evidence that the security vulnerability was a 'backdoor' left in the Hotmail program to enable programmers to sneak peeks at users' mail.

No, the problem exploited... was the result of sloppy CGI coding. By implicitly trusting information that's sent in the above Uniform Resource Locator (URL) data and format and not requiring any further user password check, Hotmail's security door was left wide open."

"...given Hotmail's history of security holes, the ease by which this one could be exploited, and the awe-inspiring scope of just what a huge hole it was, resellers and users cannot be blamed for looking for safer e-mail systems."

Complete Story

Related Stories: