Microsoft revealed this week that it had "addressed a reset function" in Hotmail that allowed hackers to reset passwords on the webmail service. Researchers first discovered the flaw on April 6th, alerting Microsoft to the problem two weeks later on April 20th. YouTube videos show that some hackers were exploiting the vulnerability on April 6th, with details of the flaw spreading "like wild fire across the hacking community" according to one report.
Hackers reportedly used a Firefox add-on to intercept HTTP requests and modify data to bypass Hotmail's token-based password reset system. Microsoft says it fixed the flaw on April 20th, but the company has not revealed how many of its 300 million users were affected by the temporary glitch....
Continue reading…
No comments:
Post a Comment