Information Security News
mailing list archives
New Hotmail Hack Evades Filters
From: InfoSec News <isn () c4i org>
Date: Tue, 11 Sep 2001 01:10:20 -0500 (CDT)
By Brian McWilliams, Newsbytes
REDMOND, WASHINGTON, U.S.A.,
10 Sep 2001, 4:19 PM CST
A new technique for attacking MSN Hotmail users has been discovered,
the latest in a cat-and-mouse game between Microsoft [NASDAQ:MSFT] and
user, an attacker can evade the filters Microsoft has put in place to
protect the millions who rely on MSN's popular Web-based e-mail
service, Newsbytes has confirmed.
Microsoft representatives said the company was investigating the new
attack and declined further comment.
The technique, announced today on a security mailing list, doesn't
even require that the victim open the booby-trapped message.
According to a posting from Bart van Arnhem, a resident of the
Netherlands using the nickname "Oblivion," Hotmail takes the From
address on an incoming message and builds it into the HTML code for
displaying the Hotmail user's Inbox.
As a result, simply viewing the service's Inbox page will cause the
In an e-mail interview with Newsbytes, van Arnhem said that while
Hotmail allows any data to be inserted in the "From" line of incoming
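The mechanism described above, a From header copied into the HTML of the Inbox listing, shown as an added example that is not part of the original article and is not Hotmail's code. It places the vulnerable rendering pattern beside one that HTML-escapes every header-derived value on output; the function names and sample messages are constructed for illustration.

```python
import html
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the article): one ordinary sender,
# and one whose From display name carries HTML markup.
RAW_MESSAGES = [
    "From: Alice Example <alice@example.com>\nSubject: Lunch?\n\nhi\n",
    'From: "<script>alert(1)</script>" <x@example.org>\nSubject: Hello\n\nhi\n',
]

def inbox_fields(raw):
    """Extract the sender text and subject that an inbox listing displays."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    return (name or addr or "(unknown sender)"), msg.get("Subject", "")

def render_row_unsafe(raw):
    """Vulnerable pattern: header text is concatenated into HTML as-is,
    so markup in the From line becomes part of the inbox page."""
    sender, subject = inbox_fields(raw)
    return "<tr><td>" + sender + "</td><td>" + subject + "</td></tr>"

def render_row_safe(raw):
    """Hardened pattern: every header-derived value is HTML-escaped at
    output time, so it can only ever be displayed as text."""
    sender, subject = inbox_fields(raw)
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(sender, quote=True), html.escape(subject, quote=True))

def render_inbox(raws, row=render_row_safe):
    """Build the inbox table; the row renderer defaults to the safe one."""
    return "<table>\n" + "\n".join(row(r) for r in raws) + "\n</table>"

if __name__ == "__main__":
    print(render_inbox(RAW_MESSAGES, render_row_unsafe))
    print(render_inbox(RAW_MESSAGES))
```

Escaping at the point of output does not depend on recognising particular tags, which is why it holds where a pattern-based filter can be evaded.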