From: david.vincent at mightyoaks.com (David Vincent)
Subject: Hotmail & Passport (.NET Accounts) Vulnerability

what's-his-name said...

"Is it me or ms never credit vulnerabilities according to
http://www.microsoft.com/security/passport_issue.asp  "a report was
published detailing a security vulnerability(...)"? No more details or
credit."

...and then asserted...

"I also saw online news like http://www.vnunet.com/News/1140757 none
mentioned as it was said in Muhammad's post the issue was discovered..."

so i retort...

lesee here...  going backwards, from MS03-017...

Acknowledgment:
===============
 - Microsoft thanks Jouko Pynnonen of Oy Online Solutions Ltd,
   Finland and Jelmer for reporting this issue to us and working
   with us to protect customers.

from MS03-016...

Acknowledgment:
===============
 - Microsoft thanks Cesar Cerrudo for reporting this issue to us 
and working with us to protect customers

from MS03-013...

Acknowledgment:
===============
 - Oded Horovitz of Entercept Security Technologies - 
http://www.entercept.com 

from MS03-010...

Acknowledgment:
===============
 - Microsoft thanks jussi jaakonaho for reporting this issue to 
   us and working with us to protect customers

...need i go on?

and don't worry, the mainstream news managed to report Muhammad's name.  see
this CNet story...

http://news.com.com/2100-1002-1000429.html?tag=nl

""It is hardly an exploit or even vulnerability; it's just a flaw, in their
Web-application logic," the person who posted the vulnerability said in an
e-mail to CNET News.com. "The flaw has been there since a long time. I just
discovered it recently," wrote the individual who identified himself as
Muhammad Faisal Rauf Danka. He claimed to be a Pakistani security consultant
and M.B.A. candidate."

...why?  is this a fame thing or are you worried that ppl aren't getting
credit for the vulns they discover and therefore don't have the intellectual
property over said vulns?

is hotmail ever secure?  is passport?  no.  never.  never ever will they be
100% secure.  face it people!

microsoft flooded the market place with a crappy product for YEARS, and
everyone knows it.  now tons of people hate microsoft for it and they have
become a huge target for hackers and 31337 script kiddies, victims in a way
of their own success.  how many dumbasses downloaded WinNUKE and pointed it
at microsoft.com or hotmail.com and had a go?  don't put your data/banking
info/tax returns/important stuff anywhere you don't trust it!  it's like
hiding your money behind a big bull's eye.

-d
