Re: HOTMAIL closed (fwd)

From xdaydreamx@gmx.net
Date Tue, 31 Aug 1999 19:09:42 +0200 (MEST)
References <Pine.NEB.4.10.9908311225080.2492-100000@nsa.secret.org>


[: hacktivism :]

Yea right, 50 million users! Who uses hotmail anyway? Also, notice the
similarities in the two newspaper reports below (even down to the exact same
sentence being used). This is perfect proof of the way the big media will
blindly copy press agency releases without bothering to verify their information
or put an ounce of energy into REAL news. These are the kinds of papers that
unwittingly spread the impression of the "evil" hacker. And the Guardian
and the Independent are actually among the better ones in the UK...

jjf

> [: hacktivism :]
> 
> Yet another good reason for activists not to use hotmail.
> 
> Solid,
> 
>  Flint
> 
> ---------- Forwarded message ----------
> 
> 
> INDEPENDENT (London)  August 31
> 
> HACKERS FORCE HOTMAIL CLOSURE 
> 
> ONE OF the biggest breaches of security in
> Internet history meant that the messages of 50 million Hotmail users
> worldwide could be read by anyone for six hours yesterday.
> 
> Microsoft was forced to shut down its popular, free e-mail service after
a
> bug in the system allowed hackers to access people's messages without
> knowing their passwords and to send bogus messages in other people's
> names.
> 
> News of the breach, and information about how it worked, spread rapidly
> across both technical and hacking websites. By the time the original
site,
> based in Sweden, was taken down by its host, it had already been copied
to
> sites in this country and the US.
> 
> Hotmail is claimed to be the world's largest provider of free Web-based
> e-mail, with an estimated 50 million subscribers worldwide, of which 5
> million are British. Since Hotmail can be accessed from anywhere with a
> Web browser, people use it for personal messages at work or while
> travelling. It is particularly popular among students travelling
overseas
> and businessmen who value its privacy.
> 
> One British website where the hacking code was posted was headlined:
"This
> is how you find out a Hotmail user's password." It ended: "Happy
> hacking!!!"
> 
> Internet analysts described yesterday's security flaw as catastrophic.
It
> was the most serious in a run of recent security breaches in the growing
> Internet industry. Unlike previous incidents, the latest did not require
> hackers to have in-depth knowledge of software systems.
> 
> A Microsoft spokeswoman confirmed the security lapse last night and
> claimed it had been repaired. "Once notified of the issue we started
> investigating it and turned off the Hotmail servers in the interest of
> user privacy and security," she said. "My understanding is that we have
> resolved the issue to prevent future attacks and all Hotmail servers
> should already be back up. No user action is required. Microsoft takes
the
> privacy and security of our customers very seriously."
> 
> Shares in Microsoft fell slightly on the New York stock exchange
> yesterday. The recent spate of security failures has involved varying
> degrees of risk, ranging from no damage to the complete corruption of
> computer files.
> 
> A team of scientists discovered a bug last week in tens of millions of
> Microsoft Windows computer operating systems that allowed a hacker to
> corrupt or take control of a personal computer by sending an e-mail
> containing a virus that can modify files, wipe a hard drive or execute
> other commands.
> 
> Most copies of Windows 95 and all versions of Windows 98 were vulnerable
> to the virus, which unlike previous strains does not require the victim
to
> open the e-mail.
> 
> Officials at Microsoft, admitted earlier this month that the MSN
Messenger
> instant-message service, a form of real-time e-mail, could accidentally
> disclose Hotmail account passwords.
> 
> ===================
> 
> GUARDIAN (London)  August 31
> 
> 
> 
> Hackers force Microsoft Hotmail shutdown
> 
> 
> Microsoft pulled the plug on its Hotmail service yesterday after one of
> the biggest security breaches in internet history allowed hackers to
read
> the private emails of more than 50m subscribers.
> 
> A bug in the system allowed hackers to log into Hotmail accounts without
> typing passwords that were supposed to guarantee confidentiality.
> 
> Unknown sources posted websites in Britain and Sweden that featured nine
> lines of code which enabled browsers to bypass Microsoft's security
> system. Copies of the code circulated within hours and were posted on
> hacking-related websites, said Wired News, an online magazine.
> 
> Microsoft closed down its service, which is claimed to be the world's
> largest provider of free web-based email, but it was feared that hackers
> were still able to gain access.
> 
> Internet analysts described the incident as a catastrophic security
flaw.
> 
> Still posted on the web last night was Hotmail's promise to subscribers:
> "We are committed to protecting your privacy and developing technology
> that gives you the most powerful, safe, online experience that you can
get
> anywhere... because your privacy is important to us."
> 
> Christian Carrwik, a reporter with the Expressen newspaper, in Sweden,
> which broke the story yesterday, said rumours of a security breach had
> been circulating for days.
> 
> Microsoft had privately admitted the problem but did not warn users nor
> close down Hotmail until yesterday.
> 
> "The back door is still open and more and more people are discovering
> their way through it," said Mr Carrwik.
> 
> Yesterday's lapse was the most serious in a string of recent security
> gaffes in the growing internet industry. Hacking usually requires
in-depth
> knowledge of software systems but the latest breach allowed anybody with
> an internet browser to read private correspondence.
> 
> According to the British website where the hacking code was posted, it
was
> written on June 7 1998. The website was headlined: "This is how you find
> out a Hotmail user's password." It ended: "Happy hacking!!!"
> 
> Microsoft's website said the hacking was not affecting all Hotmail users
> and was not expected to "last much longer".
> 
> Shares in Microsoft fell slightly on the New York stock exchange
> yesterday.
> 
> The recent spate of security failures has involved varying degrees of
> risk, ranging from no damage to computer files to their complete
> corruption.
> 
> Last week a team of scientists discovered a bug in tens of millions of
> Microsoft Windows computer operating systems that allowed a hacker to
> corrupt or take control of a personal computer by sending an email
> containing a virus that can modify files, reformat a hard drive or
execute
> other commands.
> 
> Most copies of Windows 95 and all versions of Windows 98 were vulnerable
> to the virus, which unlike previous strains does not require the victim
to
> open the email. Microsoft released an upgraded version of its Java
virtual
> machine that fixed the problem.
> 
> Earlier this month officials at the company's US headquarters in
Redmond,
> Washington state, admitted that their MSN Messenger instant-message
> service, a form of real-time email, could accidentally disclose Hotmail
> account passwords.
> 
> John Montgomery, the company's product manager, defended Microsoft's
> record and said such attacks happened to rivals too.
> 
> "Building sophisticated software is hard. Giving people a rich user
> experience means you are going to run into situations where that can be
> abused," he said.
> 
> A Microsoft spokeswoman later confirmed the security lapse and claimed
it
> had been repaired.
> 
> "We found it was possible for a malicious hacker to gain access to our
> Hotmail servers through specific knowledge of advanced web development
> languages.
> 
> "We turned off the servers in the interests of security and user
privacy.
> Microsoft has now resolved the issue and all Hotmail servers have been
> restored."
> 
> =====================
> 
> =================================
> 
> 
> *** NOTICE: In accordance with Title 17 U.S.C. Section 107, this
material
> is distributed without profit to those who have expressed a prior
interest
> in receiving the included information for research and educational
> purposes. ***
> 
> 
> 
> 
> 
> 
> 
> 
> *****
> "Messages sent on the IWW-news mailing list are the opinions of the
> individual senders; they do not necessarily represent the views of the
IWW.
> IWW-news is for posting information which is relevant to the struggle of
> the working class against our bosses. Visit http://www.iww.org/ for more
> information."
> To subscribe/unsubscribe from the IWW-news mailing list please send
e-mail
> to iww-news-request@iww.org with the word "subscribe" or "unsubscribe"
as
> the subject of the message.
> 
> 
> 
> [: hacktivism :]
> [: for unsubscribe instructions or list info consult the list FAQ :]
> [: http://hacktivism.tao.ca/ :]
> 

-- 
Sent through Global Message Exchange - http://www.gmx.net

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]