Skip to page content or Skip to Accesskey List.


Main Page Content

Malicious Javascript Shuts Down Hotmail

Rated 3.89 (Ratings: 0)

Want more?

  • More articles in News

Daniel Wood

Member info

User since: 26 Aug 1999

Articles written: 3

Microsoft was force yesterday to take down its Hotmail service for four hours due to a security hole

enabling a malicious spammer to intercept Hotmail authentication cookies and take over users' accounts.

The hole uses HTML containing Javascript, which when a victim views an attached file the script intercepts the cookies and forwards them to a hostile site.

Hotmail has fixed the hole by redirecting victims who activate the attachment before the JavaScript has a chance to intercept the cookies.

Details on the hole can be found at Peacefire.

The access keys for this page are: ALT (Control on a Mac) plus: is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.