Hotmail server hacked

[stoneman]

http://news.softpedia.com/news/Crit...ted-in-Wild-Microsoft-Issues-Fix-266506.shtml

 

[One]

Interesting.

 

[KIA]

Interesting.

Indeed.

http://www.zdnet.com/blog/bott/report-says-hotmail-exploit-spread-like-wild-fire-is-now-fixed/4892

Always wise to wait for a proper source.

 

[theheyes]

Why the hell did vulnerability lab wait two weeks to notify Microsoft?

 

[Uhtred]

http://www.bbc.co.uk/news/technology-17866897

I think some people owes the op an apology

 

[lemonade]

I love the way some people jump on the bandwagon to **** someone and think they know it all. Turned out all this was true.

 

[Fillado]

Wow that BBC article really doesn't explain what a HUGE vulnerability this was considering what can be stored to your Windows Live ID.

For example:

Hotmail
Contacts
Calendar
SkyDrive (which if you have the desktop app & fetch files enabled it gives access to your ENTIRE computer)
Xbox Live
Zune
Messenger
Windows Phone (ability to know where your phone is located & wipe it)
Services you've connected to Windows Live (Facebook/Twitter/Flickr/etc.)

 

[Deleted User 298457]

http://www.bbc.co.uk/news/technology-17866897

I think some people owes the op an apology

haha yup. ***. How embarrassing.

I'd personally say that constitutes hacking, as they exploited a vulnerability

The spammers had already got into your account at that stage! That's why your account got blocked - they got in using your secret question or a keylogger and sent a load of junk.



That wasn't an XSS exploit. That was the legit message you get when spammers get into your account and send a load of rubbish. The damage was already done.



That's just one bloke on a random forum. Don't believe what you read without corroborating it first!

pwnt

 

[bledd]

That's just one bloke on a random forum. Don't believe what you read without corroborating it first!

Wilders isn't some random forum

 

[hopeful_builder]

Got an email today - obviously a fake / fishing scam - uploaded as a jpeg just to show you all

 

[hopeful_builder]

 

[Deleted User 298457]

You are missing the point of this thread, lol. I'm sure everyone is aware of phising scams and what not, but this is regarding an intrusion which modifies data as its sent to the server to make hotmail think you've entered the correct credentials.

 

[demonix]

... to your knowledge!

There's another option anyway. If you used the same password for another website, they could have got your password from that site (either by guessing a question or through a database compromise) and used it to get into your email. It's much more likely that another random website was hacked than that Hotmail was hacked.

That doesn't count since I don't use that e-mail address anywhere, but they could've gotten it from another compromised account (like my sisters which was compromised before mine) and did a brute force attack on the password, or (conspiracy theory much) it could've been an inside job with someone from M$ handing out the passwords to the hackers.

My yahoo mail account was hacked before that, and I come to the conclusion that one was because of a compromised site (because it happened a little while after using two sites I usually frequented at the time of which one I no longer use because I thought it was the compromised site since the password on the other site was different to the one I used on yahoo even though I put the wrong password in the first time since I use several different passwords).

 

[stoneman]

The main point of this post as stated was to make people aware,which has happened.
I could have gone backwards and forwards arguing with certain posters like a tennis match,not my cup of tea.Anyway I hope it helped those that wanted to know,cheers

 

[XeNoN89]

Got an email today - obviously a fake / fishing scam - uploaded as a jpeg just to show you all

I also got this email today

 

[Rannoch]

Appears to be fixed but still a worry.