Malicious JavaScript Shuts Down Hotmail


Daniel Wood

Microsoft was forced yesterday to take down its Hotmail service for four hours due to a security hole enabling a malicious spammer to intercept Hotmail authentication cookies and take over users' accounts.

The hole uses HTML containing JavaScript: when a victim views an attached file, the script intercepts the cookies and forwards them to a hostile site.

Hotmail has fixed the hole by redirecting victims who activate the attachment before the JavaScript has a chance to intercept the cookies.

Details on the hole can be found at Peacefire.

Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author; please do not redistribute or use elsewhere without checking with the author.