Deb
08-25-1998, 08:15 PM
Users of Microsoft's Hotmail free e-mail service could be tricked into disclosing their user names and passwords to malicious Internet users because of a security hole made public Monday.
The flaw was discovered by engineers at Canadian network reseller Specialty Installations. The engineers posted details Monday of a piece of JavaScript code -- dubbed the "Hot"Mail -- that could be used to show names and passwords of any user of the Hotmail service.
Malicious users can exploit "Hot"Mail by sending an e-mail message containing the JavaScript code to a Hotmail user. When the user reads the message, the JavaScript is activated and forces the user to log in again. The password and user name entered are automatically e-mailed to the malicious user.
To continue reading this article refer to http://www.techweb.com/wire/story/TWB19980825S0006
The flaw was discovered by engineers at Canadian network reseller Specialty Installations. The engineers posted details Monday of a piece of JavaScript code -- dubbed the "Hot"Mail -- that could be used to show names and passwords of any user of the Hotmail service.
Malicious users can exploit "Hot"Mail by sending an e-mail message containing the JavaScript code to a Hotmail user. When the user reads the message, the JavaScript is activated and forces the user to log in again. The password and user name entered are automatically e-mailed to the malicious user.
To continue reading this article refer to http://www.techweb.com/wire/story/TWB19980825S0006