IJMC - Microsoft's Deluge of Security Holes Continues
Last week I spent a fair amount of time trying to find an older copy of
one of Microsoft's products, Internet Explorer. Since I generally use
Netscape as my browser I do not keep up too much on the various patches
available for Microsoft's competing product. I will simply say I was
amazed at how many different security patches there were for Internet
Explorer 4.x...and I already know of the multitudinous security holes
existing between the various Microsoft operating systems. So this
message, sent to me by a friend at CNN, simply did not suprise me. Of
course, I do not have a Hotmail account...which helps. -dave
Ok gang. This is not an urban legend and this is not spam. This is true. I
know that all spams say , "this is true," but I was sitting behind the
Technology editor and the senior editor when the story broke and saw it
tested. Read on.
Web site provides access to
millions of Hotmail messages
August 30, 1999
Web posted at: 10:37 a.m. EDT (1437 GMT)
(CNN) -- Millions of free Internet
e-mail accounts provided by
Microsoft's Hotmail service were
susceptible to a major security breach
that allowed access Monday to users'
The breach worked via a simple Web
address which prompted for a
Hotmail username. Once the
username was entered, the Hotmail
account came up and the mailbox was
The hack opened all accounts tested
by CNN Interactive, but e-mail
messages couldn't always be opened.
There was no immediate information
on how long the breach has been
The breach allows users to read and
forward a member's old messages, read
new messages and send e-mail in
some cases under the name of the user
-- assuming the member's identity.
Hotmail boasts 40 million subscribers.
A morning telephone call made to the
public relations firm that handles
Microsoft's publicity was referred to
Microsoft's main number in Redmond,
That call was forwarded by an operator
to Microsoft's Corporate Security
Desk. "You should send that to
email@example.com. " said Greg
Betcher, at that desk.
Erik Barkel, of Stockholm, Sweden, was
listed in the domain name directory
Internic as the administrator for the
Web site's domain, but a call to his
number did not go through.