lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: ihsan.rehman at DIT24.COM.PK (Ihsan-ur-Rehman)
Subject: RE: Hotmail & Passport (.NET Accounts) Vulnerability

Now finally the flaw seems to be corrected. Zone-H only concern was that
Muhammad Faisal Rauf Danka had written to Microsoft/Hotmail more that 10
mails from the 12th of April and he didn't receive any answer. Hotmail
has been vulnerable for all this time long. Now that the flaw has been
corrected, not a simple "THANK YOU" has been sent from Hotmail security
staff to Muhammad Faisal Rauf Danka.

As to say, don't complain too much then if whitehats are disappearing
from the world surface...

SyS64738 comment:

How much does it take to Hotmail or Microsoft to say a simple "thank
you" to the good MFRD that was constantly mailing them about this flaw
that could have led to a DISASTER for Hotmail customers? This is basic
education my two kids have already learned...

SyS64738 post comment: I finally received from Muhammad Faisal Rauf
Danka this message:


"I am now as a matter of fact happy that finally the issue has been
resolved Microsoft has contacted me. And things are in control." 


So the story had a happy end, zone-h just hopes that the next time
Microsoft won't wait until the issue gets public in order to patch a
reported vulnerability/flaw. 
Source =

Ihsan Malik.

Powered by blists - more mailing lists