Hotmail users beware! - Security Alert (5/10/2000)

Question

Hotmail Security Alert!!! (5/10/2000)

Answer

This question was answered on May 10, 2000. Much of the information contained herein may have changed since posting.

A new security hole in Microsoft's Hotmail web based e-mail service allows hackers to browse your email messages without a password

If a Hotmail user clicks on an attachment that contains a Javascript Trojan horse, an attacker can read, send, and delete messages from that person's account

The attack works when a Hotmail user clicks on an HTML attachment with an embedded Trojan horse The attachment intercepts Hotmail.com's cookies -- which include a session key called MSPAUTH --and forwards them to the attacker's computer

With the MSPAUTH key, an intruder can obtain complete access to a Hotmail account, which also could include finding POP email account passwords stored with Hotmail.

OUR RECOMMENDATION

Do not open any attachments to an e-mail message unless you know exactly what it is

If you would like a technical explanation of the attack go to:

<a href="http://www.peacefire.org/security/hmattach"><font color="#003399">http://www.peacefire.org/security/hmattach</font></a>

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on May 10, 2000