IDG.net: Experts: Hotmail hack easy, office fix flawedSep 02, 1999, 21:22 (5 Talkback[s])
(Other stories by Elinor Mills Abreu)
"Tweety Fish, a hacker with the hacker group Cult of the Dead Cow, said the Hotmail hack is 'about the easiest I've ever seen. ... 'For Microsoft to call this knowledge anything 'advanced' is a truly laughable PR play.' "
" 'I can't overstate what a horrifying example this is of Microsoft's total inability to take security issues seriously. '50 million' people's private information was left completely wide open to anybody with the ability to make a Web page for OVER 24 hours, and Microsoft chose to minimize the problem and delay their own response,' he wrote. 'It is completely irresponsible on their part, and, I think, should serve as an indication to the public at large that nothing Microsoft says about security should ever be taken seriously without independent verification.' "
"In another development today, Smith said the individual who discovered last week's security hole in Office 97 and Office 2000 now says the fix for those vulnerabilities has a problem. 'This Office problem seems to be taking weeks and weeks and weeks and more than one try to get right,' he said.
The security flaw, related to Microsoft's Jet data access software, allows code in an Excel 97 worksheet that is hidden in a Web page or sent via e-mail to delete data, read files or spread viruses, according to Juan Carlos Garcia Cuartango, the Spanish engineer who discovered the exploit."