[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6130FAF67D15D411BF7100E01899071F5F951A@stork.mightyoaks.local>
From: david.vincent at mightyoaks.com (David Vincent)
Subject: Hotmail & Passport (.NET Accounts) Vulnerab
ility
what's-his-name said...
"Is it me or ms never credit vulnerabilities according to
http://www.microsoft.com/security/passport_issue.asp "a report was
published detailing a security vulnerability(...)"? No more details or
credit."
...and then asserted...
"I also saw online news like http://www.vnunet.com/News/1140757 none
mentioned as it was said in Muhammad's post the issue was discovered..."
so i retort...
lesee here... going backwards, from MS03-017...
Acknowledgment:
===============
- Microsoft thanks Jouko Pynnonen of Oy Online Solutions Ltd,
Finland and Jelmer for reporting this issue to us and working
with us to protect customers.
from MS03-016...
Acknowledgment:
===============
- Microsoft thanks Cesar Cerrudo for reporting this issue to us
and working with us to protect customers
from MS03-013...
Acknowledgment:
===============
- Oded Horovitz of Entercept Security Technologies -
http://www.entercept.com
from MS03-010...
Acknowledgment:
===============
- Microsoft thanks jussi jaakonaho for reporting this issue to
us and working with us to protect customers
...need i go on?
and don't worry, the mainstream news managed to report Muhammad's name. see
this CNet story...
http://news.com.com/2100-1002-1000429.html?tag=nl
""It is hardly an exploit or even vulnerability; it's just a flaw, in their
Web-application logic," the person who posted the vulnerability said in an
e-mail to CNET News.com. "The flaw has been there since a long time. I just
discovered it recently," wrote the individual who identified himself as
Muhammad Faisal Rauf Danka. He claimed to be a Pakistani security consultant
and M.B.A. candidate."
...why? is this a fame thing or are you worried that ppl aren't getting
credit for the vulns they discover and therefore don't have the intellectual
property over said vulns?
is hotmail ever secure? is passport? no. never. never ever will they be
100% secure. face it people!
microsoft flooded the market place with a crappy product for YEARS, and
everyone knows it. now tons of people hate microsoft for it and they have
become a huge target for hackers and 31337 script kiddies, victims in a way
of their own success. how many dumbasses downloaded WinNUKE and pointed it
a microsoft.com of hotmail.com and had a go? don't put your data/banking
info/tax returns/important stuff anywhere you don't trust it! it's like
hiding your money behind a big bull's eye.
-d
Powered by blists - more mailing lists