HOTMAIL closed (fwd)
From: Flint Jones <flint@nsa.secret.org>
Date: Tue, 31 Aug 1999 12:26:49 -0400 (EDT)
[: hacktivism :]
Yet another good reason for activists not to use hotmail.
Solid,
Flint
---------- Forwarded message ----------
INDEPENDENT (London) August 31
HACKERS FORCE HOTMAIL CLOSURE
ONE OF the biggest breaches of security in
Internet history meant that the messages of 50 million Hotmail users
worldwide could be read by anyone for six hours yesterday.
Microsoft was forced to shut down its popular, free e-mail service after a
bug in the system allowed hackers to access people's messages without
knowing their passwords and to send bogus messages in other people's
names.
News of the breach, and information about how it worked, spread rapidly
across both technical and hacking websites. By the time the original site,
based in Sweden, was taken down by its host, it had already been copied to
sites in this country and the US.
Hotmail is claimed to be the world's largest provider of free Web-based
e-mail, with an estimated 50 million subscribers worldwide, of which 5
million are British. Since Hotmail can be accessed from anywhere with a
Web browser, people use it for personal messages at work or while
travelling. It is particularly popular among students travelling overseas
and businessmen who value its privacy.
One British website where the hacking code was posted was headlined: "This
is how you find out a Hotmail user's password." It ended: "Happy
hacking!!!"
Internet analysts described yesterday's security flaw as catastrophic. It
was the most serious in a run of recent security breaches in the growing
Internet industry. Unlike previous incidents, the latest did not require
hackers to have in-depth knowledge of software systems.
A Microsoft spokeswoman confirmed the security lapse last night and
claimed it had been repaired. "Once notified of the issue we started
investigating it and turned off the Hotmail servers in the interest of
user privacy and security," she said. "My understanding is that we have
resolved the issue to prevent future attacks and all Hotmail servers
should already be back up. No user action is required. Microsoft takes the
privacy and security of our customers very seriously."
Shares in Microsoft fell slightly on the New York stock exchange
yesterday. The recent spate of security failures has involved varying
degrees of risk, ranging from no damage to the complete corruption of
computer files.
A team of scientists discovered a bug last week in tens of millions of
Microsoft Windows computer operating systems that allowed a hacker to
corrupt or take control of a personal computer by sending an e-mail
containing a virus that can modify files, wipe a hard drive or execute
other commands.
Most copies of Windows 95 and all versions of Windows 98 were vulnerable
to the virus, which unlike previous strains does not require the victim to
open the e-mail.
Officials at Microsoft admitted earlier this month that the MSN Messenger
instant-message service, a form of real-time e-mail, could accidentally
disclose Hotmail account passwords.
===================
GUARDIAN (London) August 31
Hackers force Microsoft Hotmail shutdown
Microsoft pulled the plug on its Hotmail service yesterday after one of
the biggest security breaches in internet history allowed hackers to read
the private emails of more than 50m subscribers.
A bug in the system allowed hackers to log into Hotmail accounts without
typing passwords that were supposed to guarantee confidentiality.
Unknown sources posted websites in Britain and Sweden that featured nine
lines of code which enabled browsers to bypass Microsoft's security
system. Copies of the code circulated within hours and were posted on
hacking-related websites, said Wired News, an online magazine.
Microsoft closed down its service, which is claimed to be the world's
largest provider of free web-based email, but it was feared that hackers
were still able to gain access.
Internet analysts described the incident as a catastrophic security flaw.
Still posted on the web last night was Hotmail's promise to subscribers:
"We are committed to protecting your privacy and developing technology
that gives you the most powerful, safe, online experience that you can get
anywhere... because your privacy is important to us."
Christian Carrwik, a reporter with the Expressen newspaper, in Sweden,
which broke the story yesterday, said rumours of a security breach had
been circulating for days.
Microsoft had privately admitted the problem but did not warn users nor
close down Hotmail until yesterday.
"The back door is still open and more and more people are discovering
their way through it," said Mr Carrwik.
Yesterday's lapse was the most serious in a string of recent security
gaffes in the growing internet industry. Hacking usually requires in-depth
knowledge of software systems but the latest breach allowed anybody with
an internet browser to read private correspondence.
According to the British website where the hacking code was posted, it was
written on June 7 1998. The website was headlined: "This is how you find
out a Hotmail user's password." It ended: "Happy hacking!!!"
Microsoft's website said the hacking was not affecting all Hotmail users
and was not expected to "last much longer".
Shares in Microsoft fell slightly on the New York stock exchange
yesterday.
The recent spate of security failures has involved varying degrees of
risk, ranging from no damage to computer files to their complete
corruption.
Last week a team of scientists discovered a bug in tens of millions of
Microsoft Windows computer operating systems that allowed a hacker to
corrupt or take control of a personal computer by sending an email
containing a virus that can modify files, reformat a hard drive or execute
other commands.
Most copies of Windows 95 and all versions of Windows 98 were vulnerable
to the virus, which unlike previous strains does not require the victim to
open the email. Microsoft released an upgraded version of its Java virtual
machine that fixed the problem.
Earlier this month officials at the company's US headquarters in Redmond,
Washington state, admitted that their MSN Messenger instant-message
service, a form of real-time email, could accidentally disclose Hotmail
account passwords.
John Montgomery, the company's product manager, defended Microsoft's
record and said such attacks happened to rivals too.
"Building sophisticated software is hard. Giving people a rich user
experience means you are going to run into situations where that can be
abused," he said.
A Microsoft spokeswoman later confirmed the security lapse and claimed it
had been repaired.
"We found it was possible for a malicious hacker to gain access to our
Hotmail servers through specific knowledge of advanced web development
languages.
"We turned off the servers in the interests of security and user privacy.
Microsoft has now resolved the issue and all Hotmail servers have been
restored."