Security Incidents mailing list archives
RE: Folllow-up to the Hotmail/MSN password reset problems
From: "Dowling, Gabrielle" <dowlingg () sullcrom com>
Date: Fri, 9 May 2003 00:45:31 -0400
What you are suggesting is significantly different from what our TAM told us today, which was that they don't have a way to detect compromised accounts (in response to my explicit question about that). I believe they can only restore compromised accounts. Further, it was not generally described that email accounts could have been accessed through this vulnerability, but certainly they were exposed since the password is the same. The shutdown of the link prevents any new compromises, but I don't get how that is reason to shut down this thread. This appears to be the most critical vulnerability in recent times, and appears to destroy any credibility in the passport initiative. Gaby -----Original Message----- From: Dan Hanson Sent: Thu May 08 19:33:33 2003 To: incidents () securityfocus com Subject: Folllow-up to the Hotmail/MSN password reset problems As many of you have noted, this was fixed shortly after it was posted to this list. Microsoft also appears to have locked out any accounts of people whom they feel may have been affected by this, therefore anyone who "tested" on their own account can expect that their old and new passwords will not work. Most of the information is on many news sites or channels. As such, this thread can be considered dead. ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ---------------------------------------------------------------------------- ********************************************************************** This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. *********************************************************************** ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
Current thread:
- Folllow-up to the Hotmail/MSN password reset problems Dan Hanson (May 08)
- <Possible follow-ups>
- RE: Folllow-up to the Hotmail/MSN password reset problems Dowling, Gabrielle (May 08)
- RE: Folllow-up to the Hotmail/MSN password reset problems Dan Hanson (May 08)
- Re: Folllow-up to the Hotmail/MSN password reset problems Michael Sierchio (May 09)
- Re: Folllow-up to the Hotmail/MSN password reset problems Valdis . Kletnieks (May 13)
- RE: Folllow-up to the Hotmail/MSN password reset problems Dan Hanson (May 08)
- Re: Folllow-up to the Hotmail/MSN password reset problems Devilscrow Sr (May 14)