javacool
February 11th, 2002, 08:08 PM
The following is courtesy of Newsbytes.com...
{QUOTE-> Hackers Shortcut Hotmail Password Reset Protections
By Brian Krebs, Newsbytes
WASHINGTON, D.C., U.S.A.,
11 Feb 2002, 4:25 PM CST
Security researchers have discovered a vulnerability in Microsoft Corp.'s [NASDAQ: MSFT] Hotmail service that allows hackers to bypass security questions that users must answer before resetting their passwords.
Normally, if Hotmail users forget their password they must fill out a Web form that requires their e-mail address, state, zip code and country. Users who enter the correct information are then prompted for the answer to the "secret question" they selected when signing up for the service.
According to information obtained by Newsbytes, hackers recently discovered a way to skip the validation form and go directly to any user's "secret question" prompt. From there, the intruder is only one step away from resetting the user's password.
Sources say that since the discovery of the security hole roughly two weeks ago, a small cadre of hackers has been patiently checking a long list of high-profile and desirable usernames for easily-guessed answers to secret questions.
<snip>
<-QUOTE}
Click here to read the rest of the article: http://www.newsbytes.com/news/02/174400.html
Enjoy! *;D (TM)*
*"Enjoy! ;D" is used by me only when it's appropriate... ;)
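
The flaw the article describes is a multi-step reset flow whose second step does not check that the first was completed. The sketch below is an added example, not code from the article or from Hotmail; the account record, field names and function names are all hypothetical. It sets a step-2 handler that trusts the address alone beside one that requires a server-issued token from step 1, and it caps answer guesses per flow.

```python
import hmac
import secrets

# Constructed sample account; every field name and value here is hypothetical.
ACCOUNTS = {
    "alice@example.test": {
        "state": "WA", "zip": "98052", "country": "US",
        "question": "First pet?", "answer": "rex", "password": "old",
    }
}
MAX_ATTEMPTS = 3
_flows = {}  # server-side flow state: token -> {"email", "attempts"}

def question_unchecked(email):
    """Flawed pattern: step 2 trusts a client-supplied address, so step 1 can be skipped."""
    acct = ACCOUNTS.get(email)
    return acct["question"] if acct else None

def verify_identity(email, state, zip_code, country):
    """Step 1: mint an unguessable token only when every form field matches."""
    acct = ACCOUNTS.get(email)
    if acct is None:
        return None
    supplied = (state, zip_code, country)
    expected = (acct["state"], acct["zip"], acct["country"])
    if not all(hmac.compare_digest(s.encode(), e.encode()) for s, e in zip(supplied, expected)):
        return None
    token = secrets.token_urlsafe(32)
    _flows[token] = {"email": email, "attempts": 0}
    return token

def question_checked(token):
    """Step 2: the question is reachable only with a token minted by step 1."""
    flow = _flows.get(token)
    return ACCOUNTS[flow["email"]]["question"] if flow else None

def reset_password(token, answer, new_password):
    """Step 3: bounded guesses per flow; the token is dropped on success or lockout."""
    flow = _flows.get(token)
    if flow is None:
        return False
    flow["attempts"] += 1
    acct = ACCOUNTS[flow["email"]]
    ok = hmac.compare_digest(answer.lower().encode(), acct["answer"].encode())
    if ok:
        acct["password"] = new_password
    if ok or flow["attempts"] >= MAX_ATTEMPTS:
        del _flows[token]
    return ok
```
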