Full Disclosure mailing list archives
RE: Hotmail & Passport (.NET Accounts) Vulnerability
From: "Ihsan-ur-Rehman" <ihsan.rehman () DIT24 COM PK>
Date: Thu, 22 Apr 2004 15:28:07 +0500
Now finally the flaw seems to be corrected. Zone-H only concern was that Muhammad Faisal Rauf Danka had written to Microsoft/Hotmail more that 10 mails from the 12th of April and he didn't receive any answer. Hotmail has been vulnerable for all this time long. Now that the flaw has been corrected, not a simple "THANK YOU" has been sent from Hotmail security staff to Muhammad Faisal Rauf Danka. As to say, don't complain too much then if whitehats are disappearing from the world surface... SyS64738 comment: How much does it take to Hotmail or Microsoft to say a simple "thank you" to the good MFRD that was constantly mailing them about this flaw that could have led to a DISASTER for Hotmail customers? This is basic education my two kids have already learned... SyS64738 post comment: I finally received from Muhammad Faisal Rauf Danka this message: ******************* "I am now as a matter of fact happy that finally the issue has been resolved Microsoft has contacted me. And things are in control." ******************* So the story had a happy end, zone-h just hopes that the next time Microsoft won't wait until the issue gets public in order to patch a reported vulnerability/flaw. Source = http://www.zone-h.org/en/news/read/id=2666/ Sincerely, Ihsan Malik. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Hotmail & Passport (.NET Accounts) Vulnerability fernando escobar (Apr 20)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Valdis . Kletnieks (Apr 20)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Jon (Apr 20)
- <Possible follow-ups>
- Re: Hotmail & Passport (.NET Accounts) Vulnerability anirudh bhatt (Apr 21)
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Ihsan-ur-Rehman (Apr 22)