Full Disclosure mailing list archives
Re: Hotmail & Passport (.NET Accounts)
From: Darren Reed <avalon () caligula anu edu au>
Date: Fri, 9 May 2003 23:09:27 +1000 (Australia/ACT)
In some mail from adf--at--Code511.com, sie said:
Is it me or ms never credit vulnerabilities according to http://www.microsoft.com/security/passport_issue.asp "a report was published detailing a security vulnerability(...)"? No more details or credit.
And they should because...? If you ask me, doing this for "fame and fortune" is really against what i would call traditional hacker ethic.
I also saw online news like http://www.vnunet.com/News/1140757 none mentioned as it was said in Muhammad's post the issue was discovered, and ms warned since 12th April 2003. Meaning it let opened user's account (40 m users?) open for almost 3 weeks...
that's ms marketting for you! but if you think "open for almost 3 weeks", think again. "_KNOWN_ open for almost 3 weeks" is more correct. if someone had of been less inclined to show off their skills in being able to reset hotmail passwords, it'd still be unknown and may have been "in use" for some time before that, if not by that person then by others. Will MS tell us? Not likely. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Hotmail & Passport (.NET Accounts) Vulnerability Muhammad Faisal Rauf Danka (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Michael J McCafferty (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability adf--at--Code511.com (May 08)
- Re: Hotmail & Passport (.NET Accounts) Darren Reed (May 09)
- Re: Hotmail & Passport (.NET Accounts) Ron DuFresne (May 09)
- Re: Hotmail & Passport (.NET Accounts) adf--at--Code511.com (May 09)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 09)
- Re: Hotmail & Passport (.NET Accounts) Georgi Guninski (May 10)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 10)
- Re: Hotmail & Passport (.NET Accounts) Mark J Cox (May 12)
- RE: Hotmail & Passport (.NET Accounts) Ed Carp (May 12)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability adf--at--Code511.com (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Michael J McCafferty (May 08)
- <Possible follow-ups>
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Christopher F. Herot (May 07)
