Wilders Security Forums  

  #1  
Old May 5th, 2002, 06:07 PM
snowman
 
Posts: n/a
Default Hotmail cookies in the hotseat



Hotmail at Risk to Cookie Thieves

MSN Hotmail users, guard your cookies. A simple technique for accessing Microsoft's free e-mail service without a password is in the wild and apparently being exploited.

The trick involves capturing a copy of the victim's browser cookies file. Once the perpetrator gains two key Hotmail cookies, there's no way to lock him out because at Hotmail, cookies trump even passwords.

"What's scary about this is that once they have your cookies, they have your account forever. Even if you change your password, they can still get in," said Eric Glover, a New Jersey-based programmer who has a doctorate in computer science from the University of Michigan.

Glover said he unearthed the Hotmail cookie problem when a friend's former boss started accessing the friend's Hotmail account -- and continued to use the account even after the pal repeatedly changed her password.

After studying Hotmail's sign-on process, Glover concluded that the snoopy manager likely had grabbed a copy of the Hotmail cookies from the friend's work computer or a back-up tape and had been using them to digitally unlock her Web mail account.

Microsoft officials said Thursday that the Hotmail service offers users several tools to limit what the company terms "cookie-based replay attacks" but added that Microsoft is "always looking at ways to protect users further, as well as giving them more control over their online experience."

Security experts, however, said today that the Hotmail vulnerability exposes the risks of relying on browser cookies as the digital keys to Internet sites.

Cookies, the small data files placed on an Internet user's computer when visiting websites, are primarily used to identify visitors for the purpose of customizing content such as advertising. But many sites, including Hotmail, also rely on cookies for more serious authentication purposes.

For such sites, the cookie is akin to an ATM banking card that doesn't also require the holder to provide a password. Lose the "card" and you may give up your security....

http://boards.cramsession.com/boards/vbm.asp?m=543274

MODS, if this is the incorrect forum please feel free to move accordingly......thanks

snowman
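Added example (not part of the original post or the quoted article): a sketch of the server-side fix for the replay problem the article describes, where a cookie keeps working after a password change. The cookie layout, the `pw_version` counter, the function names and the account store are assumptions for illustration, not Hotmail's actual scheme.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo signing key
# Constructed account store; pw_version is bumped on every password change.
ACCOUNTS = {"alice": {"pw_version": 1}}


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str) -> str:
    """Issue a signed login cookie bound to the current password version."""
    payload = f"{user}|{ACCOUNTS[user]['pw_version']}"
    return f"{payload}|{_sign(payload)}"


def _parse(cookie: str):
    """Return (user, version) if the signature checks out, else None."""
    try:
        user, version, mac = cookie.split("|")
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _sign(f"{user}|{version}")):
        return None
    return user, int(version)


def verify_weak(cookie: str):
    """Behaviour the article describes: a valid cookie is accepted forever."""
    parsed = _parse(cookie)
    return parsed[0] if parsed and parsed[0] in ACCOUNTS else None


def verify_bound(cookie: str):
    """Hardened: reject cookies issued before the last password change."""
    parsed = _parse(cookie)
    if not parsed or parsed[0] not in ACCOUNTS:
        return None
    user, version = parsed
    return user if version == ACCOUNTS[user]["pw_version"] else None


def change_password(user: str) -> None:
    """Bumping the version revokes every cookie issued under the old password."""
    ACCOUNTS[user]["pw_version"] += 1
```

With `verify_bound`, a cookie copied from a work computer or a back-up tape stops working as soon as the account owner changes the password; with `verify_weak` it does not.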
  #2  
Old May 6th, 2002, 07:38 AM
Checkout's Avatar
Checkout Checkout is offline
Security Rhinoceros
 
Join Date: Feb 2002
Posts: 1,227
Default Re: Hotmail cookies in the hotseat

Quote:
"always looking at ways to protect users further, as well as giving them more control over their online experience."
I really wish these people would stop using *&*^%$%£ Hippy Language when describing what we do online. Will they ever grow up and speak moderate English?
__________________
My Novel
  #3  
Old May 6th, 2002, 10:27 AM
snowman
 
Posts: n/a
Default Re: Hotmail cookies in the hotseat




Checkout

LOL....maybe that's the M$ way of saying "gee, we don't know how to correct this"

snowman
  #4  
Old May 7th, 2002, 05:19 PM
UNICRON's Avatar
UNICRON UNICRON is offline
Administrator
 
Join Date: Feb 2002
Location: Nanaimo BC Canada
Posts: 1,935
Default Re: Hotmail cookies in the hotseat

D@mn you are funny Checkout!

I agree, everything is an "experience." MS isn't the only one who does that though. It is a marketing angle with which companies attempt to lure in uneducated (with computers that is) people who have money into buying what they are selling. Take AOL for instance. You have seen the commercials. Are they talking about the same internet I use? Sounds like version 7 of the internet is available only for AOL users. Utter rubbish, but sadly, it is extremely effective. Retired and wealthy grandma and grandpa can't sign up fast enough. They buy a Dell or a Compaq or some other piece of junk, get AOL and then email every funny thing they see to everybody on their list. Viruses and All.

Marketing makes the world go round (not love unfortunately)
__________________
Not every thing that can be counted counts, and not everything that counts can be counted.
  #5  
Old May 7th, 2002, 05:25 PM
Checkout;
 
Posts: n/a
Default Re: Hotmail cookies in the hotseat

Quote:
Marketing makes the world go round (not love unfortunately)
Let's celebrate that with a Group Hug. I lurv ya, Man!
  #6  
Old May 7th, 2002, 08:58 PM
UNICRON's Avatar
UNICRON UNICRON is offline
Administrator
 
Join Date: Feb 2002
Location: Nanaimo BC Canada
Posts: 1,935
Default Re: Hotmail cookies in the hotseat

Quote:
lurv


please don't lurv me, it is against my religion to lurv.
__________________
Not every thing that can be counted counts, and not everything that counts can be counted.
  #7  
Old May 7th, 2002, 09:09 PM
Detox's Avatar
Detox Detox is offline
Global Moderator
 
Join Date: Feb 2002
Location: Texas, USA
Posts: 8,511
Default Re: Hotmail cookies in the hotseat

May I point out that Checkout never requested you return his lurv?
__________________
"The price of freedom is eternal vigilance."
- Thomas Jefferson
  #8  
Old May 7th, 2002, 09:14 PM
javacool javacool is offline
Javacool Moderator
 
Join Date: Feb 2002
Posts: 3,655
Default Re: Hotmail cookies in the hotseat

Quote:
May I point out that Checkout never requested you return his lurv?

A little off-topic, no?
__________________

*Official Javacool Software Website*
*SpywareBlaster*

*Please note: I am not responsible if any advice herein causes any trouble whatsoever *
  #9  
Old May 8th, 2002, 04:23 AM
Checkout's Avatar
Checkout Checkout is offline
Security Rhinoceros
 
Join Date: Feb 2002
Posts: 1,227
Default Re: Hotmail cookies in the hotseat

Quote:
A little off-topic, no?
No, Man! I lurv Hotmail Cookies, they bring peace to the World. I stick daisies in the barrels on Hotmail Top Guns and I rattle my beads at their spam. My mantra is "Microsoft! Microsoft! Microsoft!" and Gates, lurv him, is like this big Daddy of cosmic coding. Take a trip. Tune in, turn on, reboot. Yeah!
__________________
My Novel
  #10  
Old May 8th, 2002, 05:07 AM
snowman
 
Posts: n/a
Default Re: Hotmail cookies in the hotseat




WHOA.....someone open a window..there is the smell of wacky tabacky in the house!!!!

snowman
  #11  
Old May 8th, 2002, 06:33 AM
UNICRON's Avatar
UNICRON UNICRON is offline
Administrator
 
Join Date: Feb 2002
Location: Nanaimo BC Canada
Posts: 1,935
Default Re: Hotmail cookies in the hotseat

hey Check out, you sure you are not from BC?
__________________
Not every thing that can be counted counts, and not everything that counts can be counted.
  #12  
Old May 8th, 2002, 06:44 AM
Checkout's Avatar
Checkout Checkout is offline
Security Rhinoceros
 
Join Date: Feb 2002
Posts: 1,227
Default Re: Hotmail cookies in the hotseat

As I look at the window at a drizzly Dublin day, I'd say, yeah, pretty sure.
__________________
My Novel
  #13  
Old May 8th, 2002, 06:53 AM
UNICRON's Avatar
UNICRON UNICRON is offline
Administrator
 
Join Date: Feb 2002
Location: Nanaimo BC Canada
Posts: 1,935
Default Re: Hotmail cookies in the hotseat

Too bad, you'd get along famously around here.
__________________
Not every thing that can be counted counts, and not everything that counts can be counted.
 

All times are GMT -5. The time now is 03:02 PM.
Copyright ©2002 - 2009, Wilders Security Forums