MS Passport cracked with Hotmail
Rodney K
pepe65 at hawaii.rr.com
Mon Nov 5 15:28:45 PST 2001
Yikes this sounds way too easy to steal someone's identity.
-----------------------------------------------------------------------
http://www.theregister.co.uk/content/4/22655.html
"If, for example, a user enters their password to sign in to Hotmail, they
are then allowed access to their Passport Wallet without further
authentication for the next 15 minutes! So if someone logs into Hotmail then
reads an e-mail sent to them that uses one of a variety of attacks to steal
their Passport cookies, that attacker has then effectively stolen that user's
Passport Wallet, without the user ever knowing," Slemko explains.
More information about the LUAU
mailing list