ID: IRCNE2012041483
Date: 2012-04-30
According to "techworld", Microsoft has fixed a flaw in Hotmail's password reset system that allowed hackers to take control of webmail accounts.
The vulnerability existed in Hotmail's password reset feature. Hackers were able to use a Firefox add-on called Tamper Data to intercept the outgoing HTTP request following a password reset request and modify the data, locking out the account holder and gaining access to their inbox.
Computer security researchers discovered the vulnerability in early April and told Microsoft about it soon afterwards. Microsoft said it has now issued an update to fix the bug.
“On Friday we addressed a reset function incident to help protect Hotmail customers, no action needed,” the company posted on its Security Response Twitter account.
It is not known is just how many Hotmail accounts may have been compromised by the bug.
Sophos senior technology consultant Graham Cluley said that if Hotmail users are inexplicably unable to log into their account, then it is possible their email account has fallen victim to this attack.
Last year, the webmail accounts of Google, Yahoo and Hotmail users were hit by a series of politically-motivated spearphishing attacks. Hackers were able to gain access to webmail accounts and send specially crafted phishing email messages to several thousand victims.
- 2