Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
flora.mai-not
Message from discussion hot privates

View parsed - Show only message text

From: chak...@hotmail.com (John Mutambirwa)
Subject: hot privates
Date: 1999/08/31
Message-ID: <19990831190303.66649.qmail@hotmail.com>#1/1
X-Deja-AN: 519429658
Approved: owner-mai-...@flora.org
Content-Type: text/plain; format=flowed
X-Complaints-To: news@flora.ottawa.on.ca
X-Trace: calcutta.flora.ottawa.on.ca 936126249 17247 209.195.78.66 (31 Aug 1999 19:04:09 GMT)
Organization: FLORA Community WEB
Mime-Version: 1.0
NNTP-Posting-Date: 31 Aug 1999 19:04:09 GMT
Newsgroups: flora.mai-not









John Mutambirwa   'dreaming awake'
chak...@hotmail.com
http://www.hotmail.com
http://www.geocities.com/Athens/Parthenon/4531

This just came out in today's National Post and it may explain why some of 
those who use Hotmail may have experienced spells of infuriating 
inconvenience.

John.


Cyber hackers breach 40 million Hotmail account.

Microsoft's 'Data Valdez'


David Akin
National Post


In what experts say is the biggest-ever breach of consumer privacy involving 
the Internet, Microsoft Corp. conceded yesterday that a group of unknown 
hackers overcame the security of a free e-mail service used by more than 40 
million people worldwide.

Microsoft had sealed up the hole in its Hotmail service by 1:30 p.m. EDT, 
but the incident had privacy advocates suggesting the information economy is 
expanding without proper safeguards for consumer protection.

"The way we look at this is, it's a Data Valdez situation," said Tara 
Lemmey, president of San Francisco-based advocacy group Electronic Frontier 
Foundation. Just as the the 1989 Exxon Valdez oil spill off the coast of 
Alaska was a disaster, so too is Microsoft's loss of confidential 
information, she said.

"This is a fairly significant one in terms of a security breach."

There are 2.5 million Hotmail users in Canada. It is the world's most widely 
used free Web-based e-mail service.

Because of the hole, known among hackers as an exploit, an unauthorized user 
would have been able to read, delete and forward a Hotmail user's e-mail. 
The exploit was demonstrated for several news organizations including CNN. A 
copy of the exploit was made available to the National Post yesterday but, 
by that time, Microsoft had sealed the breach and the exploit was 
ineffective.

Normally, a Hotmail must enter a user name and a password before reading 
e-mail. With the security breach, a hacker needed to know only an easily 
guessed user name.

In the e-mail address b...@hotmail.com, 'bob' is the user name.

Microsoft says it was informed by European sources of the security breach 
before 6 a.m. EDT, but the on-line computer industry news site CNet reported 
yesterday there is evidence suggesting hackers have had the ability to 
access Hotmail accounts for more than a year.

To eliminate the security leak, Microsoft shut down the Hotmail service for 
about two hours yesterday morning, preventing millions from accessing their 
e-mail account. The service was up and running again by about 1:30 p.m., the 
company said.

No instances were reported of consumers losing sensitive information.

Still, privacy advocates say technology companies ought to use the incident 
as a warning.

"There's no excuse for not having the system secure. They'll fix it, but I 
don't think there's any good excuse for why this bug was there in the first 
place," said David Jones, a computer science professor at McMaster 
University in Hamilton and co-founder of Electronic Frontier Canada, a group 
with close ties to Ms. Lemmey's group.

Jill Schoolenberg, a Toronto-based marketing manager for The Microsoft 
Network, said: "A hacker did get in who had very specific knowledge of Web 
development languages and they were able to gain access. But we've resolved 
the issues to prevent it from happening again. It was an unfortunate 
incident."

Ms. Lemmey added: "We need to look at data practices just as we look at 
financial practices. When [financial firms] are creating a technical 
environment, they go through an audit and look at everything from the locks 
on the doors to the security of the computer to the code itself. I think 
it's time for the technology industry to go through similar processes to 
ensure they have the highest level of security possible."

Microsoft said it would post information about the security breach at msn.ca 
and msn.com, the portals for the Microsoft Network.








------------------------------------------------------------------------





RELATED SITES:


(Each link opens a new window)












• 2600: The Hacker Quarterly


• Hacker News Network


• Chaos Computer Club


• Cult of the Dead Cow


• !Hispahack


• L0pht


• Phrack


• Pulhas

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
--
For MAI-not (un)subscription information, posting guidelines and
links to other MAI sites please see http://mai.flora.org/

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google