Hotmail Security Alert!!! (5/10/2000)
This question was answered on May 10, 2000. Much of the information contained herein may have changed since posting.
A new security hole in Microsoft's Hotmail web based e-mail service allows hackers to browse your email messages without a password
If a Hotmail user clicks on an attachment that contains a Javascript Trojan horse, an attacker can read, send, and delete messages from that person's account
The attack works when a Hotmail user clicks on an HTML attachment with an embedded Trojan horse The attachment intercepts Hotmail.com's cookies -- which include a session key called MSPAUTH --and forwards them to the attacker's computer
With the MSPAUTH key, an intruder can obtain complete access to a Hotmail account, which also could include finding POP email account passwords stored with Hotmail.
OUR RECOMMENDATION
Do not open any attachments to an e-mail message unless you know exactly what it is
If you would like a technical explanation of the attack go to:
<a href="http://www.peacefire.org/security/hmattach"><font color="#003399">http://www.peacefire.org/security/hmattach</font></a>
About the author
Posted by Ken Colburn of Data Doctors on May 10, 2000
Need Help with this Issue?
We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!