Bugfinder uncovers new Hotmail hole

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Bugfinder uncovers new Hotmail hole

A noted Bulgarian bugfinder claims to have found another way to crack open Microsoft’s beleaguered Web-based e-mail system, Hotmail.

Georgi Guninski, who made a name for himself by finding security violations in browsers, claims that Hotmail enables Web-paged embedded Javascript code to run automatically, making it possible for someone to write Web programs that could do anything from steal passwords to read others’ mail.

The problem is said to be caused by Hotmail’s inability to handle the new HTML tag, “STYLE.” Java programmers and Webweavers use STYLE to insert JavaScript into HTML pages.

Microsoft says the problem is not a Hotmail security issue, but rather “an example of people encouraging users to run malicious code on the Web.”

The company says users can protect themselves by disabling JavaScript before using Hotmail, or simply by not opening mail from unknown people that might contain JavaScript.

Guninski’s discovery comes just weeks after a massive security breach left millions of Hotmail users’ accounts unprotected for several hours.

The full story can be found at www.zdnn.com.