Linux Today: Linux News On Internet Time.

More on LinuxToday

Wired: MSN Messenger Exposes Passwords

Aug 18, 1999, 21:30 (1 Talkback[s])
(Other stories by Andy Patrizio)

"Anyone can get your MSN Messenger password if you walk away from your computer. ... The exploit can be reproduced by selecting 'Tools' from the menu, then 'Hotmail Inbox.' This will launch the user's browser to connect to Microsoft Hotmail. If the user quickly hits the stop button on the browser and then views the page HTML source, all of the user information is visible, including the password..."

"This exploit is only possible from the user's system. ... There is no risk of someone stealing an MSN Messenger password over the Net."

"By Friday, Microsoft will issue a patch that will block sensitive information being passed from the messenger to Hotmail... The update will add cryptography to the page, so if users try to get at the HTML code, it will appear as garbage characters."

Complete Story

Related Stories: