HotMail security bug exposes passwords

Microsoft's free HotMail email service suffers from a security breach thatcould cause its users to disclose their user names and passwords. The bug,which was discovered by a Canadian company called Specialty Installations,can be triggered by a

Paul Thurrott

August 24, 1998

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Microsoft's free HotMail email service suffers from a security breach thatcould cause its users to disclose their user names and passwords. The bug,which was discovered by a Canadian company called Specialty Installations,can be triggered by a piece of JavaScript code embedded in an HTML-formatemail message. When the user reads the encoded message, the JavaScript codeasks the user to login to HotMail again. Since the dialog box looks justlike the one you get when you really do login to HotMail, many users willbe fooled, and the login information will be mailed to the sender of themessage.

Microsoft is working on a fix to the problem but offers the followingadvice in the meantime: Don't open messages from unknown parties. If yousee an unexpected login prompt, do not respond to it, but rather return toHotMail using a Favorite/Bookmark or by typing the HotMail URL into yourbrowser.

Tools like JavaScript, VBScript, and Java are far more powerful than normalHTML, but since all popular email programs now support HTML, these othertechnologies have come along for the ride and they're opening up numeroussecurity problems. Email bugs in Eudora, Netscape Mail, Microsoft Outlook98, and Outlook Express can all be tied to HTML-enabled email

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like