Full Disclosure mailing list archives
RE: Hotmail & Passport (.NET Accounts) Vulnerab ility
From: David Vincent <david.vincent () mightyoaks com>
Date: Fri, 9 May 2003 22:49:56 -0700
what's-his-name said... "Is it me or ms never credit vulnerabilities according to http://www.microsoft.com/security/passport_issue.asp "a report was published detailing a security vulnerability(...)"? No more details or credit." ...and then asserted... "I also saw online news like http://www.vnunet.com/News/1140757 none mentioned as it was said in Muhammad's post the issue was discovered..." so i retort... lesee here... going backwards, from MS03-017... Acknowledgment: =============== - Microsoft thanks Jouko Pynnonen of Oy Online Solutions Ltd, Finland and Jelmer for reporting this issue to us and working with us to protect customers. from MS03-016... Acknowledgment: =============== - Microsoft thanks Cesar Cerrudo for reporting this issue to us and working with us to protect customers from MS03-013... Acknowledgment: =============== - Oded Horovitz of Entercept Security Technologies - http://www.entercept.com from MS03-010... Acknowledgment: =============== - Microsoft thanks jussi jaakonaho for reporting this issue to us and working with us to protect customers ...need i go on? and don't worry, the mainstream news managed to report Muhammad's name. see this CNet story... http://news.com.com/2100-1002-1000429.html?tag=nl ""It is hardly an exploit or even vulnerability; it's just a flaw, in their Web-application logic," the person who posted the vulnerability said in an e-mail to CNET News.com. "The flaw has been there since a long time. I just discovered it recently," wrote the individual who identified himself as Muhammad Faisal Rauf Danka. He claimed to be a Pakistani security consultant and M.B.A. candidate." ...why? is this a fame thing or are you worried that ppl aren't getting credit for the vulns they discover and therefore don't have the intellectual property over said vulns? is hotmail ever secure? is passport? no. never. never ever will they be 100% secure. face it people! microsoft flooded the market place with a crappy product for YEARS, and everyone knows it. now tons of people hate microsoft for it and they have become a huge target for hackers and 31337 script kiddies, victims in a way of their own success. how many dumbasses downloaded WinNUKE and pointed it a microsoft.com of hotmail.com and had a go? don't put your data/banking info/tax returns/important stuff anywhere you don't trust it! it's like hiding your money behind a big bull's eye. -d _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Hotmail & Passport (.NET Accounts) Vulnerab ility David Vincent (May 09)
- RE: Hotmail & Passport (.NET Accounts) Vulnerability nate (May 10)