| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200305091309.h49D9RiQ013081@caligula.anu.edu.au> From: avalon at caligula.anu.edu.au (Darren Reed) Subject: Hotmail & Passport (.NET Accounts) In some mail from adf--at--Code511.com, sie said: > > Is it me or ms never credit vulnerabilities according to > http://www.microsoft.com/security/passport_issue.asp "a report was > published detailing a security vulnerability(...)"? No more details or > credit. And they should because...? If you ask me, doing this for "fame and fortune" is really against what i would call traditional hacker ethic. > I also saw online news like http://www.vnunet.com/News/1140757 none > mentioned as it was said in Muhammad's post the issue was discovered, and > ms warned since 12th April 2003. Meaning it let opened user's account (40 m > users?) open for almost 3 weeks... that's ms marketting for you! but if you think "open for almost 3 weeks", think again. "_KNOWN_ open for almost 3 weeks" is more correct. if someone had of been less inclined to show off their skills in being able to reset hotmail passwords, it'd still be unknown and may have been "in use" for some time before that, if not by that person then by others. Will MS tell us? Not likely.
Powered by blists - more mailing lists