SqueakyByte Posted June 23, 2003 Share Posted June 23, 2003 Hotmail breach: whodunnitBy Robin LloydCNN Interactive Senior Writer August 31, 1999Web posted at: 1:36 p.m. EDT (1736 GMT)--------------------------------------------------------------------------------In this story:How it worked still a mystery'You have to be well-trained, highly caffeinated and alert'RELATED STORIES, SITES --------------------------------------------------------------------------------(CNN) -- A New Jersey man who wrote a simple program to save himself the time it takes to repeatedly log on to Microsoft's Hotmail said he had nothing to do with a breach that cracked the privacy of millions who subscribe to the Web-based e-mail service. "I'm in a little bit of shock right now," Michael Nobilio said after he learned that he had been credited as a responsible party by an online computer news service. "This story is entirely fiction." The breach came to light Monday and allowed users to open anyone's Hotmail account, as well as send e-mail under their name. Microsoft said it fixed the problem later in the day, but it remained unclear whether new hacker code would surface Tuesday or another day, defeating Hotmail's promise of renewed privacy for its 40 million subscribers. Nobilio's program was simple Java script that saved his username as a "cookie" on his personal computer so he didn't have to type his username repeatedly throughout a day of rechecking his Hotmail. The program provided no access to his password, he said. He had to type that in. "It was totally harmless. It was just a time-saver, that was it," he said. It is still unclear if Nobilio's program had anything to do with the breach that lasted several hours and forced Hotmail to take down its service for two hours Monday. A group called Hackers Unite has claimed responsibility for the breach, it was reported Tuesday by Wired News online. Through a spokesman, the group said they announced the hole to the Swedish media over the weekend to make Microsoft look bad and show that its security could be defeated. The Swedish newspaper Expressen first reported the breach. Hackers Unite reportedly is comprised of one Swede and seven Americans. How it worked still a mysteryHackers have known various ways to crack into Hotmail for some time. What reportedly happened over the weekend is that hackers took advantage of a Hotmail login script. Security expert Richard Smith said the problem likely came through a backdoor left open on Hotmail servers by Microsoft coders. Smith is president of Phar Lap Software in Cambridge, Massachusetts, and helped track down the author of the "Melissa" virus earlier this year. Microsoft put the blame for the incident at the hands of hackers, not coders who failed to close security loops in their software. The breach came in two waves Monday -- an initial opening came via several Web sites that Microsoft closed down by 11 a.m. and a second entrance through a Web address came to light in the mid-afternoon. The second entrance seemed to take advantage of a CGI script on Hotmail servers that allowed a user to slide into a Hotmail account without using a password. Microsoft shut that down just after 4:30 p.m. 'You have to be well-trained, highly caffeinated and alert'Adam Arrowood, a computer research scientist at the Georgia Institute of Technology, said that absolute security is a tough hurdle when writing software for the Web. Programs that run browsers connect to a server, get information and disconnect, rather than keeping a continuous link. That makes it hard for security applications to keep track of passwords and logins, he said. "It's very tricky," he said. There is no one with more than three years of experience in the field. "You have to be well-trained, highly caffeinated and alert when you are doing this," he said, "or there will be ways around security measures that you attempt to put in." Source: CNNRead the full story here. Link to comment Share on other sites More sharing options...
SqueakyByte Posted June 23, 2003 Author Share Posted June 23, 2003 can u put this on front page aaron? Link to comment Share on other sites More sharing options...
amdphr3@kXP Posted June 23, 2003 Share Posted June 23, 2003 Well, Microsoft's operating systems are insecure, so how can u expect their servers to be secure? Link to comment Share on other sites More sharing options...
SqueakyByte Posted June 23, 2003 Author Share Posted June 23, 2003 heh Link to comment Share on other sites More sharing options...
Visentinel Posted June 23, 2003 Share Posted June 23, 2003 Windows is SecureIts their Hotmail Software wellll Win2k3 is anyways Link to comment Share on other sites More sharing options...
sedative Posted June 23, 2003 Share Posted June 23, 2003 Windows is SecureIts their Hotmail Software wellll Win2k3 is anyways That's funny. Link to comment Share on other sites More sharing options...
Doggie Posted June 23, 2003 Share Posted June 23, 2003 August 31, 1999 ? Link to comment Share on other sites More sharing options...
Visentinel Posted June 23, 2003 Share Posted June 23, 2003 August 31, 1999 ? What =| ? Link to comment Share on other sites More sharing options...
SqueakyByte Posted June 23, 2003 Author Share Posted June 23, 2003 thats when this happenedi was wondering who would notice Link to comment Share on other sites More sharing options...
Aaron Posted June 23, 2003 Share Posted June 23, 2003 August 31, 1999Web posted at: 1:36 p.m. EDT (1736 GMT)can u put this on front page aaron?You're funny. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now