Linux Today: Linux News On Internet Time.

CNET News.com: Hotmail hole raises larger security issues

Aug 31, 1999, 21:04
(Other stories by Joe Wilcox)

"A security hole discovered yesterday in Microsoft's MSN Hotmail calls into question the free email service's practice of allowing users to log on from any Web page, security experts said."

"While Netscape, Yahoo, and other free email services direct users to specific login Web sites, Hotmail allows users to access their accounts from any Web page. A simple login HTML form or Javascript, which appears on the Web page as a box for the username and password, is all that is needed. Many Web sites offer this service."

"'I think [login programs are] a big mistake,' said Richard Smith, president of Cambridge-based Phar Lap Software. 'If you log in from somebody else's Web page, they can equally bug the message to grab your username and password.'"

"The only solution, said security experts, is to restrict login access to a central page."
