Vulnerability Development mailing list archives

Re: MSN messenger service


From: 11a () GMX NET (Bluefish)
Date: Thu, 11 May 2000 21:55:11 +0200


http://nyheter.idg.se/display.pl?ID=000511-CS12
(swedish only. the article is just a few hours old)

Anonymous source (spokesman?) within Microsoft claims to have fixed a
problem where emails sent to hotmail users could, by using .html files, make
the browser send the attacker the hotmail password (by sending a cookie).

Same bug, or just a very similar one to the one we were discussing?

Is Microsoft monitoring vuln-dev, mayhap? :)

There's no information as to when the servers were upgraded, just that they
were. Also, there's no information about whether it is known to have been
exploited.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

On Thu, 20 Apr 2000, Masial wrote:

Hi all, just a few thoughts...

Microsoft is assuming the following:

 (a) get you to log onto Hotmail or MSN Messenger
 (b) get you to leave your computer unattended
 (c) do this with exactly the right timing in order to copy the file during
the very short period that it exists.

However, while (a) is obviously required, assuming that (b) and (c) are
required for the breach to occur is a bit naive. As John mentioned, I could
beef up a little VBScript file that does a little "while true" loop and nabs
any .htm containing some string (say "hotmail.com"). That same cute VB script
could then do something like open a TCP connection to the other little cute
VBS running on my own machine to send him the cool info. I would then have
it pop me the hotmail page and read -insert victim here-'s email and
whatnot.

This is, as opposed to what MS says, very trivial. I could code this in
about 15 mins. Getting the file onto your victim wouldn't be very hard with a
bit of creativity, and once there it could behave somewhat like the Kak virus
(replicates in the system and adds itself to the run key, then appends your
current signature files).

Does anyone see something wrong with this?


M.


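The point Masial makes against (b) and (c) is that a file which only exists for a short moment is still easy to capture if something is already polling for it. The following is an added example written for this archive page, not code from either poster: a self-contained Python simulation in which a "victim" thread writes an .htm file containing a marker string and deletes it a fraction of a second later, while a "watcher" thread runs the "while true" loop from the post, reading every .htm in the directory and keeping any copy that contains the marker. The file name, the marker string and the timing values are assumptions chosen for the demo; there is no network send, since the race is the part worth showing.

```python
import tempfile
import threading
import time
from pathlib import Path

# The string the watcher greps for, as in the post ("say 'hotmail.com'").
MARKER = "hotmail.com"

# Constructed sample content standing in for the transient .htm file.
SAMPLE_HTML = (
    "<html><!-- constructed sample, not a real client file -->"
    "<a href='http://www.hotmail.com/'>login</a></html>"
)


def victim_writes_transient_file(directory: Path, lifetime_s: float) -> Path:
    """Simulate the client: write an .htm containing MARKER, keep it for
    lifetime_s seconds, then delete it. Returns the (now deleted) path."""
    path = directory / "login.htm"  # assumed file name
    path.write_text(SAMPLE_HTML)
    time.sleep(lifetime_s)
    path.unlink()
    return path


def watch_and_grab(directory: Path, stop: threading.Event, poll_s: float) -> list[str]:
    """The 'while true' loop from the post: poll the directory every poll_s
    seconds and keep a copy of every .htm whose content contains MARKER.
    A file is only marked as seen once a copy containing MARKER was taken,
    so a partially written file is simply re-read on the next pass."""
    captured: list[str] = []
    seen: set[Path] = set()
    while not stop.is_set():
        for path in directory.glob("*.htm"):
            if path in seen:
                continue
            try:
                data = path.read_text()
            except FileNotFoundError:
                # The file vanished between glob() and read(); keep polling.
                continue
            if MARKER in data:
                captured.append(data)
                seen.add(path)
        time.sleep(poll_s)
    return captured


def race_demo(lifetime_s: float = 0.2, poll_s: float = 0.005) -> list[str]:
    """Run victim and watcher concurrently in a scratch directory and return
    the list of captured copies. With a 5 ms poll against a 200 ms lifetime
    the watcher gets the file every time; neither an unattended machine nor
    hand-timed copying is needed."""
    with tempfile.TemporaryDirectory() as tmp:
        directory = Path(tmp)
        stop = threading.Event()
        result: list[str] = []
        watcher = threading.Thread(
            target=lambda: result.extend(watch_and_grab(directory, stop, poll_s))
        )
        watcher.start()
        victim_writes_transient_file(directory, lifetime_s)
        stop.set()
        watcher.join()
    return result


if __name__ == "__main__":
    grabbed = race_demo()
    print(f"watcher captured {len(grabbed)} copy/copies of the transient file")
```

The watcher never has to know when the file will appear; it only has to poll faster than the file's lifetime. Shrinking the window, which is what Microsoft's argument relies on, raises the required poll rate but does not remove the exposure; only keeping the secret out of a world-readable file does.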
