John Mutambirwa 'dreaming awake'
cha...@hotmail.com
http://www.hotmail.com
http://www.geocities.com/Athens/Parthenon/4531
This just came out in today's National Post and it may explain why some of
those who use Hotmail may have experienced spells of infuriating
inconvenience.
John.
Cyber hackers breach 40 million Hotmail accounts.
Microsoft's 'Data Valdez'
David Akin
National Post
In what experts say is the biggest-ever breach of consumer privacy involving
the Internet, Microsoft Corp. conceded yesterday that a group of unknown
hackers overcame the security of a free e-mail service used by more than 40
million people worldwide.
Microsoft had sealed up the hole in its Hotmail service by 1:30 p.m. EDT,
but the incident had privacy advocates suggesting the information economy is
expanding without proper safeguards for consumer protection.
"The way we look at this is, it's a Data Valdez situation," said Tara
Lemmey, president of San Francisco-based advocacy group Electronic Frontier
Foundation. Just as the 1989 Exxon Valdez oil spill off the coast of
Alaska was a disaster, so too is Microsoft's loss of confidential
information, she said.
"This is a fairly significant one in terms of a security breach."
There are 2.5 million Hotmail users in Canada. It is the world's most widely
used free Web-based e-mail service.
Because of the hole, known among hackers as an exploit, an unauthorized user
would have been able to read, delete and forward a Hotmail user's e-mail.
The exploit was demonstrated for several news organizations including CNN. A
copy of the exploit was made available to the National Post yesterday but,
by that time, Microsoft had sealed the breach and the exploit was
ineffective.
Normally, a Hotmail user must enter a user name and a password before reading
e-mail. With the security breach, a hacker needed to know only an easily
guessed user name.
In the e-mail address b...@hotmail.com, 'bob' is the user name.
Microsoft says it was informed by European sources of the security breach
before 6 a.m. EDT, but the on-line computer industry news site CNet reported
yesterday there is evidence suggesting hackers have had the ability to
access Hotmail accounts for more than a year.
To eliminate the security leak, Microsoft shut down the Hotmail service for
about two hours yesterday morning, preventing millions from accessing their
e-mail account. The service was up and running again by about 1:30 p.m., the
company said.
No instances were reported of consumers losing sensitive information.
Still, privacy advocates say technology companies ought to use the incident
as a warning.
"There's no excuse for not having the system secure. They'll fix it, but I
don't think there's any good excuse for why this bug was there in the first
place," said David Jones, a computer science professor at McMaster
University in Hamilton and co-founder of Electronic Frontier Canada, a group
with close ties to Ms. Lemmey's group.
Jill Schoolenberg, a Toronto-based marketing manager for The Microsoft
Network, said: "A hacker did get in who had very specific knowledge of Web
development languages and they were able to gain access. But we've resolved
the issues to prevent it from happening again. It was an unfortunate
incident."
Ms. Lemmey added: "We need to look at data practices just as we look at
financial practices. When [financial firms] are creating a technical
environment, they go through an audit and look at everything from the locks
on the doors to the security of the computer to the code itself. I think
it's time for the technology industry to go through similar processes to
ensure they have the highest level of security possible."
Microsoft said it would post information about the security breach at msn.ca
and msn.com, the portals for the Microsoft Network.
--
For MAI-not (un)subscription information, posting guidelines and
links to other MAI sites please see http://mai.flora.org/